QRshingHackers tend to be extremely careful about the new tools they can use to carry out scams and infect modern operating systems without leaving a trace. The new threat uses QR codes to carry out attacks in Italy and in the world, often hiding in very harmless codes or highly sought after by users (such as discount coupons).In the following guide, we will show you how the QR code is used for scams and what we can do to avoid falling into the trap of the bad guys. It is advisable to read all the proposed chapters carefully, as this scam could easily replace email and SMS scams.READ ALSO -> Recognize the scam SMS from Poste Info

1) What is QRishing

Threat QRishing

The new cyber attack is called QRhisha name which is the fusion of the terms QR Code e phishing. The origin of the name allows us to understand the nature of the threat: the bad guys create gods malicious QR codes well hidden within commonly used products or on discount coupons available online.

Just like phishing this threat targets careless users or is eager to access advantages, bonuses, or sudden discounts: therefore, the simple rear camera of the smartphone is enough to start the cyber attack, often hidden behind a well-designed web page in order to subsequently access the promised discount.

2) How the attack is carried out

Frode QRishing

The attack starts when we start scanning a simple fake QR code: this is possible using the phone’s camera app (which will show the QR icon after scanning any QR code that complies with the characteristics).

After the scan, it will show the code hidden web link: clicking on the code will open a page (in the web browser) with information on the promised benefit (shopping voucher or discount voucher); before redeeming the voucher you are asked to enter your credit card or bank account details per check the geographical area where we belong.

Obviously, this is a scam outright, born with the sole purpose of deceiving us: after entering the credentials we will not receive any coupons or discounts while the attacker will have access to our credit card or our account, stealing all our money or making transactions in our name.

In addition to the discount voucher, the malicious QR codes can hide seemingly harmless web pages with the fake site of the Italian Post Office or the site of some famous bank: by opening the screen in the browser, the inexperienced user could easily mistake it for the official app, thus providing the access data to the bad guys.

It’s not uncommon for links hidden behind QR codes to also hide mobile malware although in most cases they are just links to pages designed to scam people.

3) How to defend yourself from QRishing

QRishing defense

The greatest caution is to absolutely avoid QR codes combined with discounts and promotions especially when distributed online. Even if these codes are widely used for promotions, it is worth using the numerical part of the code (always visible on real vouchers), to be entered only on the official website of the store or on the website provided by the promotional activity.

If we don’t want to give up QR codes, we advise you to open malicious links only with safe and effective browsers (such as Mozilla Firefox) or, alternatively, use a mobile security suite capable of intercepting phishing links hidden inside QR codes.

A good security suite to catch deceptive websites inside QR codes is without a doubt Avast Antivirus available for free for Android and for iPhone.

If we don’t want to use Avast we can choose a good antivirus for mobile by reading our guide to the best antivirus and antimalware apps for android.

4) What to do in case of an attack

Police post

Timing is everything in this case: we immediately call the bank or the Italian post office and ask for the account to be blocked, the card to be blocked and any pending money transfer to be blocked, so as to limit the damage.

After having saved the account, it is advisable to contact the State Police or the Police post using the page for reporting electronic crimes explaining what happened, and also providing a copy of the QR code and link that we have been the victim of.


QR codes are widely used in the marketing of online shops and IT chains to provide access to services, benefits, and discounts, but we must pay close attention to what we photograph and what we click on: it takes very little to find ourselves involved in a scam in which they totally robbed our bank account or credit card.

We, therefore, pay close attention to the QR codes we scan and, if we are at high risk of fraud, we install an antivirus capable of analyzing suspicious links present in QR codes, within apps, or within chat messages.

To learn more we can read our guides on how to recognize if an email is fake, scam, or inauthentic and how to avoid scam SMS and spam.


Please enter your comment!
Please enter your name here