From parking meters and restaurant menus to business cards and contactless payments, QR codes are everywhere in our daily lives. Unfortunately, cybercriminals are taking advantage of their popularity and convenience to steal your personal information and money.

We want to alert you to a rising type of phishing scam involving QR codes—a tactic known as “quishing.” In these scams, cybercriminals use fake or tampered QR codes to direct you to fraudulent websites or trigger the download of malware on your device. This can result in financial loss and compromised personal data.

Recently these malicious codes have been popping up in various places, including packages, utility bills, government payment notices, emails and social media posts. In some cases, scammers have even placed fake QR code stickers over legitimate QR codes in public areas like parking garages

How to Protect Yourself

• Be cautious. Don’t scan QR codes unless you know and trust the source.
• Preview the URL. Most phones will show the link before you open it. Look for misspellings, unusual domain names, or anything suspicious.
• Avoid logging in. If a QR code directs you to a login page, don’t enter your credentials. Instead, go directly to the organization’s official website.

Stay informed and secure. You can always find the latest fraud and cybersecurity alerts at PNFP.com/FraudCenter.