New 'Quishing' Alert from Action Fraud

New 'Quishing' Alert from Action Fraud

Action Fraud is urging people to look out for rogue QR codes after 784 reports of ‘quishing’ were made to Action Fraud between April 2024 and April 2025, with almost £3.5 million lost. Quishing is a form of phishing where a fraudulent QR code is scanned, designed to steal personal and financial information. The warning encourages people to stay vigilant and double check QR codes to see if they are malicious or have been tampered with before scanning them online or in a public place.

Action Fraud revealed that quishing happens most frequently in car parks, with criminals using stickers to tamper with QR codes on parking machines. Quishing also occurred on online shopping platforms, where sellers received a QR code via email to either verify accounts or to receive payment for sold items. Reports also showed phishing attacks were taking place impersonating HMRC or other UK government schemes.

What can you do to avoid being a victim of quishing?

QR codes used in pubs or restaurants are usually safe to scan

Scanning QR codes in open spaces (like stations and car parks) might pose a greater risk. Check for signs that codes may have been tampered with (usually by a sticker placed over the legitimate QR code). If in doubt, do not scan them: use a search engine to find the official website or app for the organisation you need to make a payment to.

If you receive an email with a QR code in it, and you're asked to scan it, you should be cautious due to an increase in these types of ‘quishing’ attacks.

Finally, Action Fraud recommends that you use the QR scanner that comes with your phone, rather than using an app to downloaded from an app store.

If you receive a suspicious email, report it by forwarding it to report@phishing.gov.uk

Reply to this message

Message Sent By
Julia Wells
(Staffordshire Police, PCSO, South Staffordshire)