Quishing, Phishing via QR code

The transition from the barcode to the QR code powered by GS1 offers enormous possibilities. Unfortunately, with technological advancements comes new security challenges. We hereby inform you about the concept of "quishing"; phishing via QR codes.

What is phishing? And what is quishing?

Phishing is a form of cybercrime in which malicious actors attempt to steal personal information by pretending to be a trustworthy entity. Quishing uses rogue QR codes to direct users to fraudulent websites, where they ask them to enter sensitive information such as login or payment details. Only the way in which the link is presented (via a QR code) differs from classic phishing.

We provide some recommendations to prevent phishing and quishing:

• Trusted sources: Make sure you only scan QR codes from reliable and well-known sources. Avoid scanning QR codes you come across in unfamiliar places.
• Check the URL: Use QR code scanners that show the URL before you open it. Carefully check that the URL matches the expected website and look for suspicious elements such as spelling mistakes or unusual domain names.
• Be careful with sensitive information: Never enter sensitive information on a website unless you are absolutely certain of its legitimacy.
• Two-factor authentication (2FA): Use two-factor authentication for extra security for your accounts. Attackers will still be unable to access accounts even if they have received login credentials.
• More tips: Go to https://safeonweb.be/en/tips from the Centre for Cyber ​​Security Belgium (CCB) for even more tips.
• You can report suspicious websites, messages, etc. to suspicious@safeonweb.be

Our commitment to safety

GS1 Belgium & Luxembourg will always communicate from the trusted gs1belu.org domain. Stay alert, and together let's embrace the benefits of QR codes in a responsible way.