Quishing

12th August 2025 | Cybrary Quishing

Quishing is a type of phishing attack that targets users via QR codes. Attackers create malicious QR codes that, when scanned, lead victims to phishing websites, malware downloads, or other malicious activities. The danger lies in the fact that QR codes are often trusted and overlooked by users, who might not question where they’re being directed, especially when scanned in public places, on printed materials, or in emails.

What does this mean for SMBs?

For an SMB (Small to Medium-Sized Business), quishing poses a significant risk because:

  1. Trust Exploitation: Employees or customers may not suspect that a QR code could be malicious, making it easier for cybercriminals to exploit this trust to steal sensitive information, login credentials, or install malware.
  2. Brand Reputation Damage: If an SMB’s customers are targeted by a quishing attack that appears to be linked to the business (e.g., via a fake promo or payment QR code), it can lead to a loss of trust and reputation damage.
  3. Security Vulnerabilities: SMBs with limited cybersecurity resources may not have the infrastructure in place to detect and prevent quishing attacks, making them more vulnerable to breaches and data loss.

To mitigate the risks, SMBs should educate employees and customers about the dangers of unverified QR codes, implement security measures like URL scanning software, and stay on top of cybersecurity training.



Additional Reading:

CyberHoot does have some other resources available for your use. Below are links to all of our resources, feel free to check them out whenever you like:

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

CyberHoot Goes Fully Passwordless: Native Passkey Support Arrives for Administrators

For four years, CyberHoot has argued the same thing on its blog: passwords are major weak link. They get reused,...

Read more
Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

Don’t Score an Own Goal: Outsmart World Cup 2026 Scams

The 2026 FIFA World Cup kicked off on June 11th across the United States, Canada, and Mexico. Six million fans...

Read more
Hackers steal your cookies. Chrome may help stop Session Cookie Theft!

Hackers steal your cookies. Chrome may help stop Session Cookie Theft!

Google has built and released a new cookie protection measure that makes stolen session cookies useless on any...

Read more