- QR codes are the new creative gateway for cybercriminals
- 26 million may have already been at risk of being victims
- Tips to stay safe include keeping your phone up to date
Have you scanned a QR (quick response) code recently? Then maybe take a second look at that array of black and white pixels, as there’s a good chance you’ve already unknowingly been lured into a QR code or “quishing” scam, warns NordVPN.
QR codes are everywhere. Since their debut more than 20 years ago, an increasing number of services (such as paying for parking, picking up packages, booking concert tickets or ordering a pizza) have increasingly relied on these versatile 2D barcodes.
Cybercriminals have also recognized its potential and are increasingly using so-called “quishing” as a method to commit financial fraud and steal data. Alarming data from TechRadar’s top-rated VPN suggests that many of us may have already fallen victim. In fact, up to 26 million people could have been lured into a phishing scam by clicking on a malicious QR code.
It’s a trap!
Over the years, retailers, financial institutions and marketers have replaced traditional barcodes with QR codes, with the advantage that they can store large amounts of data and instantly link users to websites, apps or digital content when scanned with a smartphone.
However, scammers have also integrated them into physical and digital scams, powered by AI to make these attacks faster and more effective.
Marijus Briedis, CTO at NordVPN, explains: “Unlike traditional phishing emails, where people have learned to spot the warning signs, a physical QR code seems inherently trustworthy.”
As a result, scammers have increasingly been exploiting a malicious e-commerce technique called “brushing.” This involves sending unexpected packages with cryptic notes that encourage recipients to scan a QR code for more information, only to be redirected to phishing websites.
Unlike traditional phishing emails, a physical QR code appears inherently trustworthy
Marijus Briedis, CTO of NordVPN
NordVPN warns that real-life examples include Amazon appearing to have shipped packages that were never ordered, with a QR message encouraging recipients to claim non-existent rewards as part of larger scam operations.
Previous quishing scams also involved fake payment QR codes placed in car parks, where victims ended up sending money to criminals without realizing it.
One particularly emotionally manipulative scam tricks victims into scanning QR codes by persuading them that it will provide them with proof that their partner is cheating on them.
Because QR codes are so versatile for creative scam tactics, their use in fraud has skyrocketed. According to reports from cybersecurity experts at KepNet, 26% of all malicious links are now embedded in QR codes.
NordVPN has been at the forefront of the fight against scams, strengthening its Threat Protection Pro features, including email protection that scans links for phishing threats, as blocking scams remains its top priority for 2026. Last week, the VPN provider blocked 92% of malicious websites in tests conducted by AV-Comparatives.
How to stay safe?
While essential for protecting your data, a virtual private network (VPN) won’t stop you from scanning yourself for malicious code. Although studies show that Brits are pretty good at spotting phishing scams, NordVPN urges us to stay alert and follow some simple preventative steps.
Briedis’ advice is clear: “Treat every unexpected QR code with the same suspicion as you would a link from an unknown sender in your inbox.”
Before scanning a QR code, make sure you know who sent it and verify that the company requesting the scan is trustworthy.
Since most smartphones allow you to preview links, check if the URL looks unusual or suspicious.
Keep your security measures activeincluding VPN protection, and be wary of QR codes found in unusual shapes or locations.
And if this is old news to you, be sure to share it with someone who doesn’t know: after all, one user per day could keep those scammers at bay.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
