Skip to main content
Information Security
YOUR SOURCE FOR IMPROVING INFORMATION SECURITY FOR YOURSELF AND OUR CES COMMUNITY.

Quishing

Watch out for the newest scam that's been hitting the nation. And also outside of the nation. Some would call it international, even.

  • Quishing is a new form of scamming that involves QR codes. Scanning these fraudulent QR codes leads you to dangerous and harmful sites that can steal your information. These QR codes can be sent in emails, uploaded to shady websites, or even printed out and pinned to walls.

  • Be wary when you scan QR codes. If you don’t know where they’re going, or who they came from, simply avoid scanning it. If you’re using a QR code, make sure to leave a link so that users know where the code leads.

    If it’s a physical QR code, make sure that it’s not a sticker. Some scammers will print out stickers of their own QR codes and put them over top of authentic QR codes.

  • If you’ve scanned a QR code and find yourself on a suspicious website, being asked to give personal information, here’s what to do:

    1. Report it. You can send any online scams, whether it be phishing, vishing, quishing, etc. to phishing@byu.edu Making other people aware of these scams helps protect others from falling for the same tricks

    2. Disconnect from Wi-fi to cease spreading the attack further.

    3. Change login or password information from any accounts you suspect might have been attacked

    4. If you gave any financial information to the scammer, contact your bank immediately and make them aware that someone else may have access to your account

  • 1. Always add a link! That way, people can know where the QR code is going to lead them, and they can type in the link if they prefer not to scan.

    2. Make sure you’re using a safe source to make you QR Code, such as

    a. Brightspot

    b. Adobe https://www.adobe.com/express/feature/image/qr-code-generator

    c. Canva https://www.canva.com/qr-code-generator/

    3. Did you know that you can add a password to your QR code? If the information is private, but you like the ease of scanning a QR code, consider adding a password.

    4. Check on your QR code occasionally. Make sure that the link still works, and if it's a physical QR code, make sure that no one has put a fake code sticker on top of it.

    5. A QR code that incorporates the unique BYU branding in its design or is published on an official looking poster explaining the purpose of the QR code is better than a blank sheet of paper that has the QR code, even if you think you’ve been clear with your target audience about where the QR code is and what it’s for.

    6. Securing of the physical QR code could be an important factor - more than just checking on it occasionally. Posting it in an out of reach location, behind glass, or using digital signage instead of a paper on a wall could all be options to consider.
Quishing Icon

Phishing Resources

Phishing
Smishing
Vishing