Threat Intelligence Directory
Phishing
QR Code Phishing (Quishing)
Attack Trigger
QR codes are opaque — victims cannot preview the destination before scanning
What Attackers Want
Login credentials / payment card details via fake landing page
How This Attack Works
Attackers embed malicious QR codes in emails, printed flyers, or fake parking tickets. Scanning the code on a mobile device opens a convincing phishing page — often mimicking a bank, government portal, or parcel delivery service. QR phishing bypasses most email security filters because the code is an image, not a link, and seniors are often targeted in post-COVID contexts (menus, vaccine certificates, package tracking).
Red Flags to Watch For
- ✗Email instructs you to scan a QR code instead of clicking a link
- ✗QR code received unexpectedly — not from a service you use
- ✗Destination URL after scanning is unfamiliar or does not match the claimed sender
- ✗Urgency language combined with a QR code is a strong signal of fraud
How Glance Stops This
- Domain similarity analysis catches lookalike sender addresses at millisecond speed
- SPF / DKIM / DMARC validation flags authentication failures before you ever see the email
- VirusTotal + Google Safe Browsing checks every link in real time
- Urgency language detection scores the email higher for manual review
- Known malicious domain blocklist updated continuously from live scan data
Don't wait to get hit.
Glance scans every incoming email against 12 detection layers — including the exact tactics described above — before it reaches your inbox.
Protect My Inbox — Free