QR phishing alert

QR phishing, known as ‘quishing’ is the scammers attempts to take your money.

Action Fraud is urging people to look out for rogue QR codes, after 784 reports of ‘quishing’ were made to Action Fraud between April 2024 and April 2025, with almost £3.5 million lost.

A new alert has been issued warning about quishing, a form of phishing where a fraudulent QR code is scanned, designed to steal personal and financial information. The warning encourages people to stay vigilant and double check QR codes to see if they are malicious, or have been tampered with, before scanning them online or in public spaces. 

QR codes used in pubs or restaurants are usually safe to scan.

Scanning QR codes in open spaces (like stations and car parks) might pose a greater risk. Check for signs that codes may have been tampered with (usually by a sticker placed over the legitimate QR code).

If in doubt, do not scan them: use a search engine to find the official website or app for the organisation you need to make a payment to.

If you receive an email with a QR code in it, and you’re asked to scan it, you should be cautious due to an increase in these types of ‘quishing’ attacks.
Use the QR-scanner that comes with your phone, rather than using an unknown app downloaded from an app store.

If you receive a suspicious email, report it by forwarding it to phishing@report.gov.uk 

Find out how to protect yourself from fraud: https://stopthinkfraud.campaign.gov.uk

If you’ve been a victim of fraud, report it at www.actionfraud.police.uk or by calling 0300 123 2040. In Scotland, contact Police Scotland on 101.