Quishing: Scan with caution!

QR phishing (also known as "quishing") is phishing with fake QR codes. They lure you to fraudulent websites or smuggle malware onto your device. The codes are lurking everywhere: in the office, in the city, even at home!

• Invoice from supplier: an alleged invoice arrives by email from a supplier that needs to be paid.
• Fake update: email with a QR code for an "urgent" software update. If you scan it, you download malware!
• Email from Microsoft: MFA Authenticator expires in the next few days and needs to be changed.
• Payroll: Letter by e-mail with QR code for payroll.

• "Lost" shipment: SMS/email due to an undeliverable parcel. The QR code leads to a phishing site that grabs your credit card details.
• Manipulated parking ticket: QR code on the parking ticket does not lead to payment, but to a site that wants your data.
• Restaurant bargain : QR code in the restaurant promises an exclusive offer. Instead, you end up on a fake login page for your email account.

• Data loss: Your personal data, access data, bank details or credit card information are gone.
• Malware: Your device is infected, your data is spied on or your device is misused for cyber attacks.
• Identity theft: Fraudsters open fake accounts, take out loans or make purchases at your expense.
• Financial loss: Stolen bank details or credit cards threaten financial losses.
• Damage to the company: Stolen company data = damage to image, financial losses, legal problems.

• Be skeptical: question the source of the QR code. Is it trustworthy?
• Check the preview: Many scanners display the URL before opening it. Is it plausible and secure (HTTPS)?
• Better to type it out: If you don't trust the source, it's better to enter the web address manually.
• Report: Send suspicious QR codes to the bb_iso@baur.de mailbox or submit them via the report button in Outlook.