Protect yourself from Qshing

Header

Author: Trend Micro

July 16, 2021

Covid-19 made many of us think about the society and the day-to-day interaction differently. For example, the practice of social distancing, which encourage everyone to keep a fair amount of distance, or go contactless, due to health concerns and the initial finding that the virus may be transmitted thru touch and that it stays on a surface for several days. Therefore, the use of Quick Response or QR code have grown in popularity to minimize close contact. We’ve seen this being adapted to contact tracing apps and merchants as payment method, to name a few.

QR code makes it easier to conduct transactions with your mobile devices using its camera or a QR Scanner app, which increases our reliance on this two-dimensional barcode. QR code can contain more information, and it can link you to a contact tracing site, pay a merchant, or download an app. The more we use QR code in our daily lives, the more interesting this is for cybercriminals.

In the first quarter of this year, Trend Micro warned that QR code abuse or QShing may pose a risk to your mobile devices today, and it could be just another way for internet perpetrators to steal your personal information. Since QR codes are everywhere nowadays, users tend to scan them without asking questions. Because of that, scammers may design a QR code to redirect you to a malicious site instead of a trusted one. You may be asked to login with your banking credentials and provide other payment information, which cybercriminals will use for their personal gain.

Scanning a QR code also poses a threat to install an app with an embedded malware, which compromises the device and make it vulnerable to other types of fraudulent activities.

Here are some tips to protect yourself from QShing:

  • Do not scan a QR code unless you trust its source
  • Check the QR code sticker to ensure it’s not pasted over an original one
  • Only QR code payment if you are directly transacting with trusted merchants or person you know

It is vital to install Trend Micro Mobile Security to keep your mobile devices safe. In addition to malware scanning, Mobile Security is equipped with a secure QR Code scanner to test-scan QR codes and detect if it contains a link to a dangerous website.

Trend Micro QR Code Scanner is also available for free on Google Play store.

 

Report a Scam!

Have you fallen for a hoax, bought a fake product? Report the site and warn others!

Help & Info

Top Safety Picks

Your Go-To Tools for Online Safety
Disclaimer: Some of the links here are affiliate links. If you click them and make a purchase, we may earn a commission at no extra cost to you.

  1. ScamAdviser App : That site looks legit. That's exactly how they get you. Modern scams are frighteningly convincing. ScamAdviser scans sites and blocks fraud calls automatically. Free on iOS & Android.
  2. NordVPN : NordVPN delivers powerful, seamless protection for your online life - whether you're at home, on public Wi-Fi, or traveling abroad. Recognized as one of the fastest VPN services available, it combines lightning-fast speeds with advanced encryption to keep
  3. Incogni : Incogni automatically removes your personal data from data brokers that trade in personal information online, helping reduce scam and identity theft risks without the hassle of manual opt-outs. Reclaim your privacy now!
  4. Private Internet Access (PIA) : PIA gives you a no-logs VPN built on the latest encryption standards and WireGuard protocol — meaning your browsing activity stays yours alone. Fast, private, and transparent. Take back your privacy today!
  5. Surfshark VPN : One subscription, unlimited devices. Surfshark is the fastest VPN out there — covering your phone, laptop, tablet and more with a stable, secure connection for browsing, streaming and working. Get Surfshark now!
  6. Proton VPN : Independently audited and built with a strict no-logs policy, Proton VPN is trusted by over 3 million users worldwide. It’s been named Best VPN by Wired, PCMag, and Vice—offering strong encryption for anyone who takes their privacy seriously. Give Proton

Popular Stories

In a nutshell: A good VPN protects your privacy with strong encryption, a strict no-logs policy, and fast protocols like WireGuard. The best VPNs also offer wide server coverage, leak protection, and easy-to-use apps for all devices. For 2025, the top providers are NordVPN, ExpressVPN, Surfshark, Proton VPN, Private Internet Access, CyberGhost, and Mullvad—each excelling in speed, security, or value. In an age where every click is tracked, a Virtual Private Network (VPN) is no longer just a luxury—it's an essential tool for digital privacy and security. A VPN works by creating a secure, encrypted tunnel between your device and the internet, masking your real IP address and protecting your sensitive data from prying eyes. But with hundreds of providers out there, how do you sort the secure from the suspect? This guide breaks down the non-negotiable features of a quality VPN and highlights the 7 top-rated services for 2025. What to Look for in a Good VPN: The 4 Non-Negotiable Pillars 1. Ironclad Security Features Strong Encryption: AES-256, the gold standard. Secure Protocols: OpenVPN, WireGuard, NordLynx, Lightway. Avoid PPTP. Kill Switch: Ensures no accidental IP leaks. Leak Protection: Covers DNS, IPv6, and WebRTC. 2. Verified Privacy Practices No-Logs Policy: No activity or metadata tracking. Independent Audits: Verification by third parties. Safe Jurisdiction: Prefer countries outside the 5/9/14 Eyes alliances. 3. High-Speed Performance Fast Protocols: WireGuard and equivalents. Large Server Network: Less crowding, more reliable speeds. 4. Essential Usability Features Multi-Device Apps: Windows, Mac, iOS, Android, routers. Simultaneous Connections: One account, many devices. Unblocking Power: Netflix, Hulu, BBC

This article has been updated by Jamie James on June 9 with the latest data and analysis we have found using real user reports and experiences submitted to ScamAdviser. Just received that terrifying notification? Or perhaps you've noticed suspicious activity in your accounts? Take a deep breath. Your email, password, phone number, home address, payment details, or identity documents may now be in places you cannot control. But the next steps do not have to be confusing. What matters most is how quickly you act, order, and know which exposed data creates the biggest risk. This guide explains what to do after a data breach, how to check the damage, and how to protect yourself from identity theft, account takeover, and follow-up scams. Quick Summary Verify the data breach notice through the company’s official website before clicking any links. Secure your primary email account first because it controls many password resets. Change the exposed password and every reused or similar password. Enable multi-factor authentication on email, banking, payment, cloud, and social accounts. Contact your bank or card issuer if payment or bank account details were exposed. Freeze or protect your credit if sensitive identity information was compromised. Watch for phishing messages, fake refund offers, and scam websites that use your leaked details. Starting with Data Breach Numbers The numbers don't lie: according to a 2024 report, the number of data breach victim notices has grown by a staggering 211% year-over-year. This isn't just a distant threat; it's a stark reality many individuals fa