Image courtesy Canva

Phishing has long been the most common cyberattack, tricking people into giving up personal information or money. However, scammers are now shifting tactics as QR codes become more widespread. Research from cybersecurity company NordVPN indicates that over 26 million people may have been directed to malicious websites through fake QR codes. Many of these scams use a method called brushing, where unexpected packages arrive with QR codes claiming to verify the gift or reveal its source.

QR codes feel trustworthy, making them an easy entry point for criminals. Scanning a malicious code can lead to phishing sites, malware, or stolen login credentials. Experts warn that QR-based phishing, or quishing, now accounts for over a quarter of malicious links and could rival email phishing. Nearly three-quarters of Americans scan QR codes without verifying them. Staying safe means scanning only trusted codes, checking links before opening, keeping security software updated, and using VPNs to protect personal data.