QR কোড ফিশিং (Quishing) — The Scam Hiding in Plain Sight

You scan a QR কোড at a restaurant to view the menu. You scan one at a parking meter to pay. You scan a code from a delivery notification to track your package. These feel completely harmless. But what if that QR কোড isn't what it seems?

QR ফিশিং আক্রমণs have surged by 270% month-over-month in 2025-2026, and 12% of all ফিশিং আক্রমণs now contain QR কোডs. The FBI has even warned about North Korean hackers deploying malicious QR কোডs. It's time to start treating QR কোডs with the same caution as suspicious links.

কী হলো Quishing?

Quishing = QR + ফিশিং

Traditional ফিশিং sends you a fake link via email or WhatsApp. Quishing uses a fake QR কোড to redirect you to a malicious website instead. The key difference? আপনি পারেন't read a QR কোড with your eyes — making it even more dangerous than a text-based link.

Real-World Quishing Scams

1. Fake Parking Meter QR কোডs

Criminal places a sticker over the legitimate QR code
→ You scan it and land on a fake payment page
→ Enter your card details → stolen instantly

Across the US, fake QR stickers have appeared on parking meters, bike-share stations, and EV charging stations. Cities like Austin, San Antonio, and Houston have issued public warnings.

2. Fake Restaurant Menu QR কোডs

Scammers place a fraudulent QR sticker over a restaurant's real menu code. Instead of the menu, you're taken to a page requesting personal information or payment details — especially at places that require pre-ordering.

3. QR কোডs in ফিশিং Emails

"Your account requires security verification — scan the QR code below"
→ Fake login page
→ Corporate credentials stolen

AI and LLM tools are now being used to craft highly convincing ফিশিং emails with embedded QR কোডs. These bypass traditional email filters because the malicious URL is hidden inside the image.

4. Fake Delivery Notification QR কোডs

"Delivery rescheduled — scan this QR code to update your address"
→ Fake carrier website
→ Name, address, and payment info harvested

Text messages and emails pretending to be from FedEx, UPS, or USPS with QR কোডs have become one of the fastest-growing scam vectors.

5 Signs of a Fake QR কোড

#	Warning Sign	What to Look For
1	Physical sticker placed over original	Feel the surface — if there's a sticker layered on top, it's likely fake
2	URL doesn't match expected domain	The scanned URL should match the business (e.g., parking-city.gov, not p4rking-pay.net)
3	Asks for personal info or payment immediately	Legitimate QR কোডs rarely demand card details right away
4	No HTTPS	If the URL starts with http:// instead of https://, the connection isn't secure
5	Redirects through shortened URLs	Multiple redirects that obscure the final destination are a red flag

কীভাবে Scan QR কোডs নিরাপদে

ধাপ ১: Use Your Phone's Built-In Camera

Your iPhone or Android camera shows a URL preview before opening the link. Never use third-party QR apps that open links automatically.

ধাপ ২: Check the URL Before Tapping

Read the URL carefully. Does it match the expected business? cityparking.gov is safe. c1ty-parking-pay.com is not.

ধাপ ৩: Never Enter Payment Details from a QR-Scanned Link

If a QR কোড leads to a payment page, close it. Go directly to the official app or website to make your payment instead.

ধাপ ৪: Use a QR Scanner App with URL Checking

Security-focused QR scanners can flag known malicious URLs before you open them.

ধাপ ৫: Physically Inspect the QR কোড

In public places, check whether the QR কোড is a sticker placed over another one. If it's raised, peeling, or misaligned — don't scan it.

Safe QR কোডs vs Dangerous QR কোডs

Legitimate Uses

• Wi-Fi sharing: Cafes and hotels providing Wi-Fi credentials via QR
• Official menus: Restaurant QR কোডs integrated into their ordering system
• Trusted payments: QR কোডs generated within official banking or payment apps
• LOCK.PUB link sharing: Password-protected QR links with a trusted lock.pub domain

Dangerous লাল সতর্কতা

• QR কোডs in unsolicited emails
• Stickers placed in public spaces by unknown sources
• QR কোডs on random flyers, posters, or business cards
• QR কোডs received via WhatsApp or Messenger from unknown senders

কী করবেন If You Scanned a Suspicious QR কোড

Don't panic. Follow these steps immediately:

1. Close the browser — if you didn't enter any information, you're likely safe
2. If you entered credentials, change your password immediately
3. If you entered payment info, contact your bank or card issuer to freeze the card
4. Check for unknown apps that may have been installed and delete them
5. Report it to the FTC (reportfraud.ftc.gov) or your local cybercrime authority

How LOCK.PUB Uses QR কোডs নিরাপদে

LOCK.PUB lets you share links via QR কোডs — but with built-in safety features that set it apart:

• Password সুরক্ষা: Even after scanning the QR কোড, a password is required to access the content
• Trusted domain: Always resolves to lock.pub — easy to verify
• Expiration: Links automatically deactivate after the set time period
• Access tracking: See exactly who opened your link and when

The problem isn't QR কোডs themselves — it's unverified QR কোডs from unknown sources. Stick to QR কোডs from trusted origins, and always check the URL before tapping.

উপসংহার

QR কোডs are everywhere because they're convenient. But that convenience is exactly what scammers exploit. One scan can hand over your credit card details, your login credentials, or access to your corporate network.

Before you scan any QR কোড, take 3 seconds to verify it. Those 3 seconds could save your identity, your money, and your peace of mind.

Start Sharing Links নিরাপদে -->