‘Quishing’ scams dupe millions of Americans as cybercriminals turn the QR code bad

(Geralt / Pixabay)

By Kevin Williams • Jul 28, 2025

QR codes were once a quirky novelty that prompted a fun scan with the phone. Early on, you might have seen a QR code on a museum exhibit and scanned it to learn more about the eating habits of the woolly mammoth or military strategies of Genghis Khan. During the pandemic, QR codes became the default restaurant menu. However, as QR codes became a mainstay in more urgent aspects of American life, from boarding passes to parking payments, hackers have exploited their ubiquity.

“As with many technological advances that start with good intentions, QR codes have increasingly become targets for malicious use. Because they are everywhere — from gas pumps and yard signs to television commercials — they’re simultaneously useful and dangerous,” said Dustin Brewer, senior director of proactive cybersecurity services at BlueVoyant.

Brewer says that attackers exploit these seemingly harmless symbols to trick people into visiting malicious websites or unknowingly share private information, a scam that has become known as “quishing.”