During the COVID-19 pandemic, QR codes became an indispensable tool in various spaces such as restaurants, airports, and shops. Their use facilitated contactless interaction, allowing users to access menus, forms, and other services by simply scanning the code with their mobile phones. However, the popularization of this technology has also brought with it a growing threat: quishing.

Quishing is a variant of phishing that consists of the falsification of authentic QR codes. These fake codes direct users to fraudulent websites where cybercriminals can steal personal and financial information. The worrying thing is that, unlike suspicious links that can be identified in emails or text messages, QR codes do not reveal at a glance the destination to which they redirect, making them an ideal channel for malicious activities.

According to a report by the cybersecurity company HBS, quishing attacks have shown an alarming growth. In 2021, just 0.8% of cyberattack incidents involved this type of threat. However, by 2024, the figure has reached 10.8%, revealing an increasing trend that worries digital security experts.

This increase in quishing attacks not only affects unsuspecting users, but has also served as a gateway for other, more sophisticated types of cyberattacks, such as phishing and ransomware. Phishing, for example, tricks users into revealing sensitive data by clicking on fraudulent links, while ransomware is used to block access to devices or files, demanding a ransom for their release.

The HBS report highlights the urgent need to implement more robust security measures to mitigate the risk of quishing. Recommendations include educating users, who should be aware of the dangers of scanning unknown QR codes. In addition, it is essential to use up-to-date security software that can detect and prevent malicious links before users access them.

In a digital environment where security is becoming increasingly complex, it is vital that both companies and users are alert to the threat of quishing and adopt practices that strengthen the protection of their data. What was once a simple and efficient tool in times of pandemic has now become a double-edged sword if not used with caution.