Blockchain & Cryptocurrency Glossary


  • Clear Definitions
  • Practical
  • Technical
  • Related Terms

QR-code Phishing

Pronunciation
[cue-are kohd fih-shing]
Analogy
Like swapping a restaurant’s genuine menu with a fake one that lures customers into a scam.
Definition
A social engineering attack where malicious actors replace or tamper with legitimate QR codes to redirect users to phishing sites or deliver malware.
Key Points
QR-code phishing exploits user trust in scanning codes to execute attacks.

  • Sticker attacks: overlaying fake QR codes on legitimate ones
  • URL obfuscation: hiding malicious domains behind shortened links
  • Malware delivery: triggering app downloads or scripts
  • Lack of preview: many scanners don’t show full URLs

Example
An attacker places a sticker with a malicious QR code over an ATM’s payment code, leading victims to a fake banking login page.
Technical Deep Dive
Attackers generate QR codes encoding phishing URLs, then physically overlay them or embed them in digital content. Defenses include URL preview SDKs, TLS certificate checks, and domain whitelisting. On-chain wallets can integrate verification steps before executing payments.
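The URL preview and domain whitelisting defenses named above can be combined into one check that a scanner or wallet runs on the decoded QR text before opening anything. The following is an added example, not code from this glossary or any particular SDK; the function name, the shortener list and the `example-bank.test` domain are assumptions made for illustration, and the TLS certificate check is left out because it needs a network connection.

```python
from urllib.parse import urlsplit

# Assumption: small illustrative shortener list, not exhaustive.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}


def review_qr_payload(payload, allowed_hosts):
    """Check text decoded from a QR code; return (verdict, preview, reasons)."""
    reasons = []
    try:
        parts = urlsplit(payload.strip())
        host = (parts.hostname or "").rstrip(".")
        port = parts.port
    except ValueError:
        return "block", payload, ["payload is not a parseable URL"]

    if parts.scheme != "https":
        reasons.append(f"scheme is {parts.scheme!r}, expected https")
    if parts.username is not None or parts.password is not None:
        reasons.append("userinfo before '@' can disguise the real host")

    # Show the host in ASCII (punycode) form so look-alike characters
    # cannot pass for an allowlisted name in the preview.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = host
        reasons.append("host name is not valid IDNA")

    if ascii_host in SHORTENERS:
        reasons.append("shortened link hides the final destination")
    on_allowlist = any(
        ascii_host == a or ascii_host.endswith("." + a) for a in allowed_hosts
    )
    if not on_allowlist:
        reasons.append(f"host {ascii_host!r} is not on the allowlist")

    preview = f"{parts.scheme}://{ascii_host}"
    preview += f":{port}" if port else ""
    preview += parts.path + (f"?{parts.query}" if parts.query else "")
    return ("allow" if not reasons else "block"), preview, reasons


if __name__ == "__main__":
    # Constructed sample payloads; example-bank.test is a placeholder domain.
    for p in ["https://pay.example-bank.test/checkout?id=1",
              "https://pay.example-bank.test@evil.example/login",
              "https://bit.ly/abc"]:
        print(review_qr_payload(p, {"example-bank.test"}))
```

The preview string is what the user should be shown before confirming: it always contains the host the client would actually connect to, not the text that appears before an `@` or a Unicode look-alike of a trusted name.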
Security Warning
Always verify QR code sources and preview full URLs before confirming any action.
Caveat
User education and software mitigations help but cannot fully eliminate the risk of QR-code phishing.
