Quishing: The QR Code Scam You’ve Never Heard Of (Until Now)

At USF Credit Union, protecting our members is our top priority - that’s why we want you to know about a fast-growing scam called quishing - QR code phishing.

Cybercriminals are using quishing to trick people into sharing sensitive information or installing harmful software on their devices. Today, we’re sharing seven ways you can stay a step ahead:

Protect Yourself from Quishing

• Be cautious with unsolicited QR codes. Don’t scan codes from unexpected emails, texts, or physical mail.
• Inspect before you scan. Look closely at public QR codes for stickers or tampering.
• Preview the URL. Many phones and scanners let you see the website before you tap—check that it starts with “https://” and looks legitimate.
• Watch out for urgency. If a message pressures you to act quickly or provide sensitive info, it’s a red flag.
• Verify with the source. Contact the business or institution directly through official channels if you’re unsure.
• Use trusted QR scanners. Your phone’s built-in camera or a trusted app with a preview feature is safer than random third-party apps.
• Report suspicious codes. If you come across a sketchy QR code—or if you think you’ve been scammed—report it to USF Credit Union, the FTC, or local law enforcement.

USF CU Expert: Use Caution Before Scanning!

“If something feels off - whether it’s a QR code in an unexpected email or one that looks tampered with in public - trust your instincts,” said Jeff Billy, Cybersecurity Expert at USF Credit Union. “Take a moment to verify before scanning. That extra pause can protect you from a costly scam.”

At USF Credit Union, we’re committed to keeping your financial information safe - and empowering you with the knowledge to spot scams before they happen.

Remember: when in doubt, don’t scan.

Contact us - we’re here to keep you safe.