{"id":5846,"date":"2026-06-26T11:16:07","date_gmt":"2026-06-26T11:16:07","guid":{"rendered":"https:\/\/adex.com\/blog\/?p=5846"},"modified":"2026-06-26T11:19:12","modified_gmt":"2026-06-26T11:19:12","slug":"quishing-in-ads-qr-code-phishing","status":"publish","type":"post","link":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/","title":{"rendered":"Quishing in Ads: How QR Codes Can Lead Users to Phishing Pages"},"content":{"rendered":"\n<p>The once-novel QR codes are now a common technology. Whether you scan them to download an app, claim a discount, pay for parking, access a menu, or register for an event, they\u2019re fast and easy.<\/p>\n\n\n\n<p>And that&#8217;s exactly why attackers started paying attention to them.<\/p>\n\n\n\n<p>Security researchers observe a growing number of phishing campaigns built around QR codes over the past few years. A tactic often referred to as <em>quishing<\/em>, where, instead of sending users directly to a suspicious website, attackers hide the destination behind code and rely on the scan.<\/p>\n\n\n\n<p>The technique isn&#8217;t particularly sophisticated, as QR codes often feel trustworthy by default. An interesting challenge: when a malicious QR code appears in an ad, promotion, or landing page, with consequences that can extend far beyond a single click.<\/p>\n\n\n\n<p>So how exactly does quishing work, and why is it becoming a growing concern across the advertising ecosystem?<\/p>\n\n\n<div class=\"toc\"><h4 class=\"toc__title\" id=\"contents\">Contents<\/h4><ul class=\"toc__list\"><li class=\"toc__list_item\"><a href=\"#the-hidden-risk-behind-a-scan\">The Hidden Risk Behind a Scan<\/a><\/li><li class=\"toc__list_item\"><a href=\"#why-users-trust-qr-codes-more-than-they-should\">Why Users Trust QR Codes More Than They Should<\/a><\/li><li class=\"toc__list_item\"><a href=\"#how-a-legitimate-looking-ad-can-turn-into-a-scam\">How a Legitimate-Looking Ad Can Turn Into a Scam<\/a><\/li><li class=\"toc__list_item\"><a href=\"#why-this-becomes-an-advertising-problem\">Why This Becomes an Advertising Problem<\/a><\/li><li class=\"toc__list_item\"><a href=\"#why-attackers-are-betting-on-qr-codes\">Why Attackers Are Betting on QR Codes<\/a><\/li><li class=\"toc__list_item\"><a href=\"#the-tricks-youll-see-again-and-again\">The Tricks You&#039;ll See Again and Again<\/a><\/li><li class=\"toc__list_item\"><a href=\"#where-ad-networks-enter-the-picture\">Where Ad Networks Enter the Picture<\/a><\/li><li class=\"toc__list_item\"><a href=\"#watch-out-for-these-signals\">Watch Out for These Signals<\/a><\/li><li class=\"toc__list_item\"><a href=\"#final-thoughts\">Final Thoughts<\/a><\/li><\/ul><\/div><style>\n.toc {}\n.toc__title {\n      font-size: 32px;\n    line-height: 40px;\n    font-weight: 700;\n}\n.toc__list_item {\n    color: #FE645A !important;\n}\n.toc__list_item:not(:last-child){\n    margin-bottom: 5px;\n}\n.toc__list_item a {\n    font-size: 18px;\n    line-height: 24px;\n    color: #FE645A;\n    font-weight: 600;\n}\n.toc__list_item a:hover {\n    text-decoration: underline;\n}\n@media (max-width: 1023px) {.toc__title {font-size: 24px;line-height: 32px;}}\n<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-hidden-risk-behind-a-scan\">The Hidden Risk Behind a Scan<\/h2>\n\n\n\n<p>At its core, quishing is exactly what it sounds like: phishing delivered through QR codes.<\/p>\n\n\n\n<p>No suspicious link to click, just a QR code scan that leads to a malicious destination. And the endpoint can be: a fake login page, a fraudulent payment portal, a malware download, or a website designed to collect personal information.<\/p>\n\n\n<div class=\"block__bord\"><div class=\"block__bord_desc\"><p>Different than traditional phishing emails where users can inspect links, hover over URLs, or notice suspicious domain names, the QR code wraps all the info behind a visual element that managed to gain most users&#8217; trust. That\u2019s what makes the attack more sophisticated.<\/p>\n<\/div><\/div>\n<style>\n.block__bord { margin: 32px 0; padding: 1.25em 2.375em;\tborder-radius: 24px; background: rgba(0, 220, 200, 0.20); }\n.block__bord_desc {font-size: 16px !important;font-weight: 400 !important;color: #606060 !important;}\n<\/style>\n\n\n\n<p>In many cases, the users don&#8217;t even realize anything is wrong until after they submit the sensitive information.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-users-trust-qr-codes-more-than-they-should\">Why Users Trust QR Codes More Than They Should<\/h2>\n\n\n\n<p>QR codes aren&#8217;t dangerous. Creating a layer of separation between the user and the destination is.<\/p>\n\n\n\n<p>When someone clicks a link, they&#8217;re usually making a conscious decision based on information they can see. For example, when a scammer asks you to verify your payment details by clicking a link like <a href=\"http:\/\/www.paypalls.gg\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">www.paypalls.gg<\/a>, you will probably spot the scam, ignore and\/or report the request.\u00a0<\/p>\n\n\n\n<p>With QR codes, the process works differently because they\u2019re so commonly used. In restaurants, grocery shopping, bus stations, etc., QR codes are almost automatically scanned.<\/p>\n\n\n\n<p>You scan QR codes daily to pay for parking, to connect to Wi-Fi, or to claim a promotional offer. The fact that most of these experiences are completely legitimate has gradually trained users to treat QR codes as routine rather than potentially risky. They gained trust before being verified.<\/p>\n\n\n\n<p>It is this familiarity that creates an opportunity for attackers. A QR code doesn&#8217;t look suspicious. In fact, the more ordinary it appears, the more likely users are to trust it.<\/p>\n\n\n\n<p>That&#8217;s one of the biggest reasons quishing has grown so quickly, exploiting the users\u2019 expectations instead of a software vulnerability.<\/p>\n\n\n<div class=\"block__preview\">\n        <a href=\"https:\/\/adex.com\/blog\/phishing-alert-telegram-fraud\/\" class=\"block__preview_img\"><img src=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2025\/07\/Adex-Telegram-fraud-account-hijacking.png\" srcset=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2025\/07\/Adex-Telegram-fraud-account-hijacking.png\" sizes=\"100vw\" alt=\"Adex-Telegram-fraud-account-hijacking\" decoding=\"async\" class=\"lazy\"><\/a>\n    <div class=\"block__preview_box\">\n        <a href=\"https:\/\/adex.com\/blog\/category\/current_risks\/\" class=\"block__preview_box-cat\">Current risks<\/a>        <h3 class=\"block__preview_box-title\" id=\"phishing-scam-alert-telegram-fraud-and-account-hijacking-prevented\"><a href=\"https:\/\/adex.com\/blog\/phishing-alert-telegram-fraud\/\">[Phishing Scam Alert] Telegram Fraud and Account Hijacking Prevented<\/a><\/h3>\n    <\/div>\n<\/div>\n<style>\n.block__preview {display: flex;align-items: center;justify-content: center; margin: 32px 0;}\n.block__preview a {text-decoration: none;}\n.block__preview_img {min-width: 360px;max-width: 360px;min-height: 188px;width: 100%;height: 100%;}\n.block__preview_img img {width: 100%;height: 100%;}\n.block__preview_box {margin-left: 40px;max-width: 360px;}\n.block__preview_box-cat {color: #00B8A7 !important;font-weight: 600;font-size: 12px;line-height: 16px;text-transform: uppercase; display: block; margin-bottom: 4px;}\n.block__preview_box-cat:hover {color: #FE645A !important; text-decoration: none !important;}\n.block__preview_box-title {font-size: 20px;font-weight: 700;line-height: 24px;color: #0B172D;}\n.block__preview_box-title a {color: #0B172D !important;}\n.block__preview_box-title a:hover {color: #FE645A !important;}\n@media screen and (max-width: 768px) {.block__preview {flex-direction: column;}.block__preview_box {max-width: 100%; margin-top: 32px;margin-left: 0px;}.block__preview_img {max-width: 100%;min-width: 100%;min-height: 100%;}}<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-a-legitimate-looking-ad-can-turn-into-a-scam\">How a Legitimate-Looking Ad Can Turn Into a Scam<\/h2>\n\n\n\n<p>Many people still associate phishing with an email scam. When in reality, QR codes have expanded the number of places where phishing campaigns can appear.<\/p>\n\n\n\n<p>Malicious QR codes can be embedded into:<\/p>\n\n\n\n<ul style=\"background-color:#d6d6d630\" class=\"wp-block-list has-background\">\n<li>Banner ads<\/li>\n\n\n\n<li>Promotional landing pages<\/li>\n\n\n\n<li>Affiliate campaigns<\/li>\n\n\n\n<li>Social media promotions<\/li>\n\n\n\n<li>App download offers<\/li>\n\n\n\n<li>Digital coupons<\/li>\n\n\n\n<li>Event registration pages<\/li>\n\n\n\n<li>Sponsored content<\/li>\n<\/ul>\n\n\n\n<p>When a user sees a banner promoting a limited-time discount, they&#8217;re encouraged to scan a QR code to access the offer on mobile, instead of clicking a button. The creative looks legitimate, the branding appears familiar, and the promotion itself doesn&#8217;t raise any obvious red flags. After scanning, though, the user lands on a phishing page designed to imitate a retailer, payment provider, cryptocurrency platform, or financial service.<\/p>\n\n\n\n<p>At that point, the attack is already underway.<\/p>\n\n\n\n<p>The interesting part is that the advertisement itself may not contain any visible malicious elements. Everything problematic exists behind the QR code.&nbsp;<\/p>\n\n\n\n<p>That is why it makes advertising campaigns difficult to identify from phishing attempts.\u00a0<\/p>\n\n\n\n<style>\n.quishing-attack-flow-block {\n  max-width: 950px;\n  margin: 24px 0;\n  font-family: Inter, Arial, sans-serif;\n  background: #ffffff;\n  border: 1px solid #ebe8f8;\n  border-radius: 20px;\n  padding: 24px;\n  box-shadow: 0 6px 18px rgba(104, 91, 199, 0.08);\n}\n\n.quishing-attack-flow-block * {\n  box-sizing: border-box;\n}\n\n.quishing-attack-flow-title {\n  margin: 0 0 24px;\n  font-size: 13px;\n  line-height: 1.25;\n  font-weight: 700;\n  letter-spacing: 1px;\n  text-transform: uppercase;\n  color: #685bc7;\n}\n\n.quishing-attack-flow-steps {\n  display: grid;\n  grid-template-columns: repeat(6, 1fr);\n  gap: 26px;\n  align-items: stretch;\n}\n\n.quishing-attack-flow-step {\n  position: relative;\n  min-height: 118px;\n  display: flex;\n  flex-direction: column;\n  align-items: center;\n  justify-content: center;\n  gap: 7px;\n  padding: 14px 10px;\n  background: #ffffff;\n  border: 1px solid #e5e0ff;\n  border-radius: 14px;\n  text-align: center;\n  box-shadow: 0 2px 8px rgba(104, 91, 199, 0.05);\n}\n\n.quishing-attack-flow-step:not(:last-child)::after {\n  content: \"\u2192\";\n  position: absolute;\n  right: -22px;\n  top: 50%;\n  transform: translateY(-50%);\n  font-size: 22px;\n  line-height: 1;\n  font-weight: 700;\n  color: #685bc7;\n}\n\n.quishing-attack-flow-step-orange {\n  background: #fff8ef;\n  border-color: #f5ddb1;\n  box-shadow: 0 2px 8px rgba(217, 119, 6, 0.08);\n}\n\n.quishing-attack-flow-step-red-light {\n  background: #fff5f5;\n  border-color: #ffd6d6;\n  box-shadow: 0 2px 8px rgba(220, 38, 38, 0.08);\n}\n\n.quishing-attack-flow-step-red {\n  background: #ffecec;\n  border-color: #ffbcbc;\n  box-shadow: 0 2px 8px rgba(180, 35, 24, 0.10);\n}\n\n.quishing-attack-flow-icon {\n  display: block;\n  font-size: 25px;\n  line-height: 1;\n}\n\n.quishing-attack-flow-text {\n  display: block;\n  font-size: 13px;\n  line-height: 1.28;\n  font-weight: 700;\n  color: #201547;\n}\n\n.quishing-attack-flow-text-danger {\n  color: #b42318;\n}\n\n.quishing-attack-flow-footer {\n  margin-top: 24px;\n  padding: 16px;\n  background: #f6f4ff;\n  border: 1px solid #e5e0ff;\n  border-radius: 12px;\n  text-align: center;\n}\n\n.quishing-attack-flow-footer-text {\n  margin: 0;\n  font-size: 14px;\n  line-height: 1.6;\n  color: #5f5b7a;\n}\n\n.quishing-attack-flow-footer-text strong {\n  font-weight: 800;\n  color: #201547;\n}\n\n@media (max-width: 820px) {\n  .quishing-attack-flow-steps {\n    grid-template-columns: repeat(3, 1fr);\n    gap: 34px 24px;\n  }\n\n  .quishing-attack-flow-step:nth-child(3)::after {\n    content: \"\u2193\";\n    right: auto;\n    left: 50%;\n    top: auto;\n    bottom: -29px;\n    transform: translateX(-50%);\n  }\n\n  .quishing-attack-flow-step:nth-child(4)::after,\n  .quishing-attack-flow-step:nth-child(5)::after {\n    content: \"\u2192\";\n  }\n\n  .quishing-attack-flow-step {\n    min-height: 108px;\n  }\n}\n\n@media (max-width: 560px) {\n  .quishing-attack-flow-block {\n    margin: 20px 0;\n    padding: 20px;\n    border-radius: 18px;\n  }\n\n  .quishing-attack-flow-title {\n    margin-bottom: 20px;\n    font-size: 12px;\n  }\n\n  .quishing-attack-flow-steps {\n    grid-template-columns: 1fr;\n    gap: 32px;\n  }\n\n  .quishing-attack-flow-step {\n    min-height: auto;\n    padding: 14px;\n  }\n\n  .quishing-attack-flow-step:not(:last-child)::after,\n  .quishing-attack-flow-step:nth-child(3)::after,\n  .quishing-attack-flow-step:nth-child(4)::after,\n  .quishing-attack-flow-step:nth-child(5)::after {\n    content: \"\u2193\";\n    right: auto;\n    left: 50%;\n    top: auto;\n    bottom: -27px;\n    transform: translateX(-50%);\n    font-size: 20px;\n  }\n\n  .quishing-attack-flow-icon {\n    font-size: 24px;\n  }\n\n  .quishing-attack-flow-text {\n    font-size: 13px;\n  }\n\n  .quishing-attack-flow-footer {\n    margin-top: 22px;\n    padding: 14px;\n  }\n\n  .quishing-attack-flow-footer-text {\n    font-size: 13px;\n  }\n}\n<\/style>\n\n<div class=\"quishing-attack-flow-block\">\n  <div class=\"quishing-attack-flow-title\">\n    How a Quishing Attack Works\n  <\/div>\n\n  <div class=\"quishing-attack-flow-steps\">\n    <div class=\"quishing-attack-flow-step\">\n      <span class=\"quishing-attack-flow-icon\" aria-hidden=\"true\">\ud83d\udce2<\/span>\n      <span class=\"quishing-attack-flow-text\">Banner Ad<br>or Promo<\/span>\n    <\/div>\n\n    <div class=\"quishing-attack-flow-step\">\n      <span class=\"quishing-attack-flow-icon\" aria-hidden=\"true\">\ud83d\udcf1<\/span>\n      <span class=\"quishing-attack-flow-text\">User Scans<br>QR Code<\/span>\n    <\/div>\n\n    <div class=\"quishing-attack-flow-step\">\n      <span class=\"quishing-attack-flow-icon\" aria-hidden=\"true\">\ud83c\udf10<\/span>\n      <span class=\"quishing-attack-flow-text\">Mobile Page<br>Opens<\/span>\n    <\/div>\n\n    <div class=\"quishing-attack-flow-step quishing-attack-flow-step-orange\">\n      <span class=\"quishing-attack-flow-icon\" aria-hidden=\"true\">\ud83d\udd10<\/span>\n      <span class=\"quishing-attack-flow-text\">Fake Login or<br>Payment Portal<\/span>\n    <\/div>\n\n    <div class=\"quishing-attack-flow-step quishing-attack-flow-step-red-light\">\n      <span class=\"quishing-attack-flow-icon\" aria-hidden=\"true\">\ud83d\udcdd<\/span>\n      <span class=\"quishing-attack-flow-text\">User Shares<br>Information<\/span>\n    <\/div>\n\n    <div class=\"quishing-attack-flow-step quishing-attack-flow-step-red\">\n      <span class=\"quishing-attack-flow-icon\" aria-hidden=\"true\">\u26a0\ufe0f<\/span>\n      <span class=\"quishing-attack-flow-text quishing-attack-flow-text-danger\">Credentials \/<br>Data Stolen<\/span>\n    <\/div>\n  <\/div>\n\n  <div class=\"quishing-attack-flow-footer\">\n    <p class=\"quishing-attack-flow-footer-text\">\n      A malicious QR code often hides the most important part of the journey: <strong>the destination.<\/strong>\n    <\/p>\n  <\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-this-becomes-an-advertising-problem\">Why This Becomes an Advertising Problem<\/h2>\n\n\n\n<p>As users scan a QR code from a promotion and end up on a phishing page, they typically remember the bad interaction happened and become skeptical.<\/p>\n\n\n\n<p>From the user&#8217;s perspective, the experience happened on an ad potentially leading to complaints, negative feedback, reduced trust, and in the long-run. After all, the digital advertising ecosystem depends on trust. Users need to trust the ads, and advertisers need to trust the traffic they buy.<\/p>\n\n\n\n<p>Phishing campaigns undermine that trust for EVERYONE involved in this chain. Even when malicious campaigns are eventually removed, the damage to user perception can linger long after the original threat disappears.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"why-attackers-are-betting-on-qr-codes\">Why Attackers Are Betting on QR Codes<\/h2>\n\n\n\n<p>Several trends have made QR-based phishing particularly attractive throughout the recent few years.<\/p>\n\n\n\n<p>1. <strong>Simple adoption<\/strong><\/p>\n\n\n\n<p>First, QR codes have gone from being a niche tool to an everyday part of digital life \u2013 the more common they become, the less attention users pay to individual scans.<\/p>\n\n\n\n<p>2. <strong>Mobile behavior<\/strong><\/p>\n\n\n\n<p>People spend more time on smartphones than ever before, and QR codes fit naturally into mobile experiences because they remove friction and make navigation easier.<\/p>\n\n\n\n<p>At the same time, mobile devices also make verification less likely. URLs are less visible, screens are smaller, and users tend to move quickly between pages. As a result, people often focus on completing an action rather than validating the destination.<\/p>\n\n\n\n<p>And, there&#8217;s also a third factor that doesn&#8217;t get discussed as often\u2026<\/p>\n\n\n\n<p>3. <strong>Traditional phishing channels have become harder to exploit<\/strong><\/p>\n\n\n\n<p>Email security has improved, browser protections are stronger, and users have become more skeptical of suspicious links.<\/p>\n\n\n\n<p>At the same time, QR codes haven&#8217;t yet developed the same reputation, and this is what is making QR codes an attractive alternative to scam users.\u00a0<\/p>\n\n\n\n<style>\n.quishing-common-block {\n  max-width: 900px;\n  margin: 24px 0;\n  font-family: Inter, Arial, sans-serif;\n  background: #ffffff;\n  border: 1px solid #ebe8f8;\n  border-radius: 20px;\n  padding: 28px;\n  box-shadow: 0 6px 18px rgba(104, 91, 199, 0.08);\n}\n\n.quishing-common-block * {\n  box-sizing: border-box;\n}\n\n.quishing-common-title {\n  margin: 0 0 28px;\n  font-size: 13px;\n  line-height: 1.25;\n  font-weight: 700;\n  letter-spacing: 1px;\n  text-transform: uppercase;\n  color: #685bc7;\n  text-align: center;\n}\n\n.quishing-common-layout {\n  display: grid;\n  grid-template-columns: 1fr 1.2fr 1fr;\n  gap: 14px;\n  align-items: center;\n}\n\n.quishing-common-column {\n  display: flex;\n  flex-direction: column;\n  gap: 14px;\n}\n\n.quishing-common-item {\n  min-height: 96px;\n  display: flex;\n  flex-direction: column;\n  justify-content: center;\n  align-items: center;\n  gap: 6px;\n  background: #ffffff;\n  border: 1px solid #e5e0ff;\n  border-radius: 14px;\n  padding: 14px;\n  text-align: center;\n}\n\n.quishing-common-icon {\n  display: block;\n  font-size: 24px;\n  line-height: 1;\n}\n\n.quishing-common-item-text {\n  display: block;\n  font-size: 14px;\n  line-height: 1.3;\n  font-weight: 700;\n  color: #201547;\n}\n\n.quishing-common-center {\n  display: flex;\n  justify-content: center;\n  align-items: center;\n}\n\n.quishing-common-circle {\n  width: 240px;\n  height: 240px;\n  border-radius: 50%;\n  background: #f6f4ff;\n  border: 3px solid #685bc7;\n  display: flex;\n  flex-direction: column;\n  justify-content: center;\n  align-items: center;\n  gap: 10px;\n  text-align: center;\n  padding: 24px;\n}\n\n.quishing-common-circle-icon {\n  display: block;\n  font-size: 34px;\n  line-height: 1;\n}\n\n.quishing-common-circle-text {\n  display: block;\n  font-size: 22px;\n  line-height: 1.3;\n  font-weight: 800;\n  color: #201547;\n}\n\n.quishing-common-note {\n  margin-top: 28px;\n  padding: 16px;\n  background: #f6f4ff;\n  border: 1px solid #e5e0ff;\n  border-radius: 12px;\n  text-align: center;\n}\n\n.quishing-common-note-text {\n  margin: 0;\n  font-size: 14px;\n  line-height: 1.6;\n  color: #5f5b7a;\n}\n\n@media (max-width: 760px) {\n  .quishing-common-block {\n    padding: 24px;\n  }\n\n  .quishing-common-layout {\n    grid-template-columns: 1fr;\n    gap: 16px;\n  }\n\n  .quishing-common-center {\n    order: -1;\n  }\n\n  .quishing-common-circle {\n    width: 220px;\n    height: 220px;\n  }\n\n  .quishing-common-circle-text {\n    font-size: 20px;\n  }\n\n  .quishing-common-column {\n    gap: 12px;\n  }\n\n  .quishing-common-item {\n    min-height: auto;\n    padding: 14px;\n  }\n}\n\n@media (max-width: 520px) {\n  .quishing-common-block {\n    margin: 20px 0;\n    padding: 20px;\n    border-radius: 18px;\n  }\n\n  .quishing-common-title {\n    margin-bottom: 22px;\n    font-size: 12px;\n  }\n\n  .quishing-common-circle {\n    width: 190px;\n    height: 190px;\n    padding: 20px;\n  }\n\n  .quishing-common-circle-icon {\n    font-size: 30px;\n  }\n\n  .quishing-common-circle-text {\n    font-size: 18px;\n  }\n\n  .quishing-common-icon {\n    font-size: 22px;\n  }\n\n  .quishing-common-item-text {\n    font-size: 13px;\n  }\n\n  .quishing-common-note {\n    margin-top: 22px;\n    padding: 14px;\n  }\n\n  .quishing-common-note-text {\n    font-size: 13px;\n  }\n}\n<\/style>\n\n<div class=\"quishing-common-block\">\n  <div class=\"quishing-common-title\">\n    Why Quishing Is Becoming More Common\n  <\/div>\n\n  <div class=\"quishing-common-layout\">\n    <div class=\"quishing-common-column\">\n      <div class=\"quishing-common-item\">\n        <span class=\"quishing-common-icon\" aria-hidden=\"true\">\ud83d\udcf1<\/span>\n        <span class=\"quishing-common-item-text\">Mobile-First Browsing<\/span>\n      <\/div>\n\n      <div class=\"quishing-common-item\">\n        <span class=\"quishing-common-icon\" aria-hidden=\"true\">\u26a1<\/span>\n        <span class=\"quishing-common-item-text\">Faster User Actions<\/span>\n      <\/div>\n    <\/div>\n\n    <div class=\"quishing-common-center\">\n      <div class=\"quishing-common-circle\">\n        <span class=\"quishing-common-circle-icon\" aria-hidden=\"true\">\u26a0\ufe0f<\/span>\n        <span class=\"quishing-common-circle-text\">Growing<br>Quishing Threat<\/span>\n      <\/div>\n    <\/div>\n\n    <div class=\"quishing-common-column\">\n      <div class=\"quishing-common-item\">\n        <span class=\"quishing-common-icon\" aria-hidden=\"true\">\ud83d\udd33<\/span>\n        <span class=\"quishing-common-item-text\">Widespread QR Code Adoption<\/span>\n      <\/div>\n\n      <div class=\"quishing-common-item\">\n        <span class=\"quishing-common-icon\" aria-hidden=\"true\">\ud83d\udd17<\/span>\n        <span class=\"quishing-common-item-text\">Hidden Destinations<\/span>\n      <\/div>\n\n      <div class=\"quishing-common-item\">\n        <span class=\"quishing-common-icon\" aria-hidden=\"true\">\ud83d\udee1\ufe0f<\/span>\n        <span class=\"quishing-common-item-text\">Stronger Traditional Phishing Defenses<\/span>\n      <\/div>\n    <\/div>\n  <\/div>\n\n  <div class=\"quishing-common-note\">\n    <p class=\"quishing-common-note-text\">\n      Attackers often move toward channels where users are less suspicious.\n    <\/p>\n  <\/div>\n<\/div>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"the-tricks-youll-see-again-and-again\">The Tricks You&#8217;ll See Again and Again<\/h2>\n\n\n\n<p>While quishing campaigns vary widely, most follow a handful of familiar patterns, which we are going to share with you below:<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"fake-discounts-and-limited-time-offers\">Fake Discounts and Limited-Time Offers<\/h3>\n\n\n\n<p>Urgency remains one of the oldest tricks in the phishing playbook. Users are encouraged to scan a QR code to unlock a discount, receive cashback, claim a gift card, or access an exclusive promotion. Once they arrive at the destination, they&#8217;re asked to provide account credentials or payment information.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"account-verification-requests\">Account Verification Requests<\/h3>\n\n\n\n<p>Some campaigns impersonate trusted services and claim that users need to verify account details, update passwords, or confirm payment information. The QR code serves as a shortcut to a convincing phishing page, where a user can share their personal details.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"mobile-app-downloads\">Mobile App Downloads<\/h3>\n\n\n\n<p>Attackers sometimes disguise malicious destinations as software downloads, app updates, and\/or premium features. The QR code redirects them where it\u2019s convenient for the scammer, instead of redirecting users to an official app store.&nbsp;<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"event-and-registration-scams\">Event and Registration Scams<\/h3>\n\n\n\n<p>Registration forms are another popular target in 2026. Users are promised access to an event, webinar, conference, or exclusive content, when in fact the registration page is fraudulent.<\/p>\n\n\n<div class=\"block__preview\">\n        <a href=\"https:\/\/adex.com\/blog\/triada-malvertising-case-study\/\" class=\"block__preview_img\"><img src=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2025\/12\/adex-investigarion-triada-infected-campaigns.png\" srcset=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2025\/12\/adex-investigarion-triada-infected-campaigns.png\" sizes=\"100vw\" alt=\"adex-investigation-triada-infected-campaigns\" decoding=\"async\" class=\"lazy\"><\/a>\n    <div class=\"block__preview_box\">\n        <a href=\"https:\/\/adex.com\/blog\/category\/current_risks\/\" class=\"block__preview_box-cat\">Current risks<\/a>        <h3 class=\"block__preview_box-title\" id=\"inside-the-triada-battle-a-five-year-investigation-and-the-security-upgrades-it-triggered\"><a href=\"https:\/\/adex.com\/blog\/triada-malvertising-case-study\/\">Inside the Triada Battle: A Five-Year Investigation and the Security Upgrades It Triggered<\/a><\/h3>\n    <\/div>\n<\/div>\n<style>\n.block__preview {display: flex;align-items: center;justify-content: center; margin: 32px 0;}\n.block__preview a {text-decoration: none;}\n.block__preview_img {min-width: 360px;max-width: 360px;min-height: 188px;width: 100%;height: 100%;}\n.block__preview_img img {width: 100%;height: 100%;}\n.block__preview_box {margin-left: 40px;max-width: 360px;}\n.block__preview_box-cat {color: #00B8A7 !important;font-weight: 600;font-size: 12px;line-height: 16px;text-transform: uppercase; display: block; margin-bottom: 4px;}\n.block__preview_box-cat:hover {color: #FE645A !important; text-decoration: none !important;}\n.block__preview_box-title {font-size: 20px;font-weight: 700;line-height: 24px;color: #0B172D;}\n.block__preview_box-title a {color: #0B172D !important;}\n.block__preview_box-title a:hover {color: #FE645A !important;}\n@media screen and (max-width: 768px) {.block__preview {flex-direction: column;}.block__preview_box {max-width: 100%; margin-top: 32px;margin-left: 0px;}.block__preview_img {max-width: 100%;min-width: 100%;min-height: 100%;}}<\/style>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"where-ad-networks-enter-the-picture\">Where Ad Networks Enter the Picture<\/h2>\n\n\n\n<p>No security system can eliminate every threat completely. However, responsible ad networks implement multiple layers of protection, designed to reduce the likelihood of malicious campaigns reaching users.<\/p>\n\n\n\n<p>These measures often include:<\/p>\n\n\n\n<ul style=\"background-color:#d6d6d630\" class=\"wp-block-list has-background\">\n<li>Advertiser verification<\/li>\n\n\n\n<li>Creative review processes<\/li>\n\n\n\n<li>Landing page analysis<\/li>\n\n\n\n<li>Automated threat detection<\/li>\n\n\n\n<li>Ongoing monitoring after campaign approval<\/li>\n<\/ul>\n\n\n\n<p>The problem that quishing introduces is an additional layer that isn&#8217;t always visible during a standard creative review. A banner may look completely legitimate while the QR code points somewhere unexpected, or in some cases, dynamic QR codes can even change destinations over time. All of which underline the continuous monitoring, making it just as important as the initial review process.<\/p>\n\n\n\n<p>Specifically why security in digital advertising is rarely a one-time task. Threat actors constantly adapt their methods, and detection systems must evolve alongside them.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"watch-out-for-these-signals\">Watch Out for These Signals<\/h2>\n\n\n\n<p>Not every QR code deserves suspicion, as most campaigns using them are entirely legitimate.<\/p>\n\n\n\n<style>\n.quishing-red-flags-block {\n  max-width: 820px;\n  margin: 24px 0;\n  font-family: Inter, Arial, sans-serif;\n  background: #ffffff;\n  border: 1px solid #ebe8f8;\n  border-radius: 20px;\n  padding: 24px;\n  box-shadow: 0 6px 18px rgba(104, 91, 199, 0.08);\n}\n\n.quishing-red-flags-block * {\n  box-sizing: border-box;\n}\n\n.quishing-red-flags-title {\n  margin: 0 0 22px;\n  font-size: 13px;\n  line-height: 1.25;\n  font-weight: 700;\n  letter-spacing: 1px;\n  text-transform: uppercase;\n  color: #685bc7;\n}\n\n.quishing-red-flags-alert {\n  display: flex;\n  align-items: center;\n  gap: 10px;\n  margin-bottom: 18px;\n  padding: 18px;\n  background: #fff8ef;\n  border: 1px solid #f5ddb1;\n  border-radius: 16px;\n  color: #b45309;\n}\n\n.quishing-red-flags-alert-icon {\n  font-size: 18px;\n  line-height: 1;\n}\n\n.quishing-red-flags-alert-text {\n  font-size: 15px;\n  line-height: 1.25;\n  font-weight: 700;\n}\n\n.quishing-red-flags-grid {\n  display: grid;\n  grid-template-columns: repeat(auto-fit, minmax(260px, 1fr));\n  gap: 12px;\n}\n\n.quishing-red-flags-item {\n  display: flex;\n  align-items: flex-start;\n  gap: 12px;\n  min-height: 72px;\n  padding: 14px;\n  background: #ffffff;\n  border: 1px solid #e5e0ff;\n  border-radius: 14px;\n}\n\n.quishing-red-flags-icon {\n  flex: 0 0 auto;\n  font-size: 18px;\n  line-height: 1.3;\n}\n\n.quishing-red-flags-text {\n  margin: 0;\n  font-size: 14px;\n  line-height: 1.5;\n  font-weight: 600;\n  color: #201547;\n}\n\n.quishing-red-flags-note {\n  margin-top: 20px;\n  padding: 18px;\n  background: #f6f4ff;\n  border: 1px solid #e5e0ff;\n  border-radius: 14px;\n}\n\n.quishing-red-flags-note-title {\n  margin: 0 0 6px;\n  font-size: 14px;\n  line-height: 1.25;\n  font-weight: 700;\n  color: #201547;\n}\n\n.quishing-red-flags-note-text {\n  margin: 0;\n  font-size: 14px;\n  line-height: 1.6;\n  color: #5f5b7a;\n}\n\n@media (max-width: 640px) {\n  .quishing-red-flags-block {\n    margin: 20px 0;\n    padding: 20px;\n    border-radius: 18px;\n  }\n\n  .quishing-red-flags-title {\n    margin-bottom: 18px;\n    font-size: 12px;\n  }\n\n  .quishing-red-flags-alert {\n    padding: 15px;\n  }\n\n  .quishing-red-flags-alert-text {\n    font-size: 14px;\n  }\n\n  .quishing-red-flags-grid {\n    grid-template-columns: 1fr;\n  }\n\n  .quishing-red-flags-item {\n    min-height: auto;\n    padding: 13px;\n  }\n\n  .quishing-red-flags-text {\n    font-size: 13px;\n  }\n\n  .quishing-red-flags-note {\n    margin-top: 18px;\n    padding: 15px;\n  }\n\n  .quishing-red-flags-note-title,\n  .quishing-red-flags-note-text {\n    font-size: 13px;\n  }\n}\n<\/style>\n\n<div class=\"quishing-red-flags-block\">\n  <div class=\"quishing-red-flags-title\">\n    6 Red Flags of a Suspicious QR Campaign\n  <\/div>\n\n  <div class=\"quishing-red-flags-alert\">\n    <span class=\"quishing-red-flags-alert-icon\" aria-hidden=\"true\">\u26a0\ufe0f<\/span>\n    <span class=\"quishing-red-flags-alert-text\">Quick Safety Check<\/span>\n  <\/div>\n\n  <div class=\"quishing-red-flags-grid\">\n    <div class=\"quishing-red-flags-item\">\n      <span class=\"quishing-red-flags-icon\" aria-hidden=\"true\">\ud83d\udea9<\/span>\n      <p class=\"quishing-red-flags-text\">QR code isn&#8217;t necessary for the action<\/p>\n    <\/div>\n\n    <div class=\"quishing-red-flags-item\">\n      <span class=\"quishing-red-flags-icon\" aria-hidden=\"true\">\ud83d\udea9<\/span>\n      <p class=\"quishing-red-flags-text\">Excessive urgency (&#8220;Act Now&#8221;, &#8220;Expires Today&#8221;)<\/p>\n    <\/div>\n\n    <div class=\"quishing-red-flags-item\">\n      <span class=\"quishing-red-flags-icon\" aria-hidden=\"true\">\ud83d\udea9<\/span>\n      <p class=\"quishing-red-flags-text\">Branding changes after scanning<\/p>\n    <\/div>\n\n    <div class=\"quishing-red-flags-item\">\n      <span class=\"quishing-red-flags-icon\" aria-hidden=\"true\">\ud83d\udea9<\/span>\n      <p class=\"quishing-red-flags-text\">Multiple redirects<\/p>\n    <\/div>\n\n    <div class=\"quishing-red-flags-item\">\n      <span class=\"quishing-red-flags-icon\" aria-hidden=\"true\">\ud83d\udea9<\/span>\n      <p class=\"quishing-red-flags-text\">Requests for passwords or payment details<\/p>\n    <\/div>\n\n    <div class=\"quishing-red-flags-item\">\n      <span class=\"quishing-red-flags-icon\" aria-hidden=\"true\">\ud83d\udea9<\/span>\n      <p class=\"quishing-red-flags-text\">Offer seems too good to be true<\/p>\n    <\/div>\n  <\/div>\n\n  <div class=\"quishing-red-flags-note\">\n    <p class=\"quishing-red-flags-note-title\">Remember<\/p>\n    <p class=\"quishing-red-flags-note-text\">\n      One warning sign doesn&#8217;t automatically mean fraud. Several appearing together deserve closer attention.\n    <\/p>\n  <\/div>\n<\/div>\n\n\n\n<p>Although individually, these signals don&#8217;t prove malicious intent, it is strongly advised to pay attention when several of them appear together.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"final-thoughts\">Final Thoughts<\/h2>\n\n\n\n<p>With quishing, users might think that QR codes are dangerous. When in fact a QR code is just another way of delivering a destination, not a direct source of digital threat. It can open a restaurant menu, launch an app download, complete a purchase, or, in scam cases, direct a user toward a phishing page.<\/p>\n\n\n\n<p>The technology itself is harmless, and what defines the term <em>quishing<\/em> is the trust users place in the process. People learned to question suspicious emails and unfamiliar links, but QR codes often bypass those instincts because they feel more familiar. For this precise reason, users scan first and think later.<\/p>\n\n\n\n<p>Often, the consequences extend beyond individual victims. A single malicious campaign can affect user confidence, ad reputation, and trust across the broader advertising ecosystem. As QR codes continue to spread across advertising, eCommerce, payments, and mobile experiences, they will remain a valuable tool for legitimate businesses. At the same time, they&#8217;ll continue attracting attackers looking for new ways to reach potential victims.<\/p>\n\n\n<div class=\"block__bord\"><div class=\"block__bord_desc\"><p>Choosing trusted partners matters just as much as monitoring the traffic. And every partner must go through a verification process designed to help maintain a safe advertising environment for both ends of the ad. While it can be more difficult to eliminate risk entirely, multiple review and monitoring layers help minimize the chances of malicious content making its way into your campaigns.<\/p>\n<\/div><\/div>\n<style>\n.block__bord { margin: 32px 0; padding: 1.25em 2.375em;\tborder-radius: 24px; background: rgba(0, 220, 200, 0.20); }\n.block__bord_desc {font-size: 16px !important;font-weight: 400 !important;color: #606060 !important;}\n<\/style>\n\n\n    <div class=\"block__buttons\">\n        <a href=\"https:\/\/app.adex.com\/auth\/login\" class=\"block__buttons_btn\">JOIN ADEX<\/a>    <\/div>\n<style>\n    .block__buttons {\n        text-align: center;\n    }\n\n    .block__buttons_btn {\n        background-color: rgba(254, 100, 90, 1) !important;\n        border-radius: 200px !important;\n        padding: 16px 24px !important;\n        font-weight: 600 !important;\n        font-size: 18px !important;\n        line-height: 24px !important;\n        text-align: center !important;\n        display: inline-block !important;\n        color: #fff !important;\n        text-decoration: none !important;\n        text-transform: uppercase !important;\n    }\n\n    .block__buttons_btn:hover {\n        color: rgba(11, 31, 58, 1) !important;\n    }\n<\/style>\n","protected":false},"excerpt":{"rendered":"<p>What if that harmless QR code in an ad is actually hiding a phishing page? This article explains how quishing in ads works, why users trust the scan, and which warning signs can help catch the risk earlier.<\/p>\n","protected":false},"author":8,"featured_media":5874,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[4],"tags":[18,16],"class_list":["post-5846","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current_risks","tag-fraud","tag-threat"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Quishing in Ads: How QR Codes Hide Phishing Pages<\/title>\n<meta name=\"description\" content=\"Learn how quishing in ads hides phishing pages behind QR codes, why users trust scans, and how to spot risky campaigns.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Quishing in Ads: How QR Codes Hide Phishing Pages\" \/>\n<meta property=\"og:description\" content=\"Learn how quishing in ads hides phishing pages behind QR codes, why users trust scans, and how to spot risky campaigns.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/\" \/>\n<meta property=\"og:site_name\" content=\"ADEX\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/adexsaas\/\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-26T11:16:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-26T11:19:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-quishing-in-ads.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Olya Mikheeva\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@adexsaas\" \/>\n<meta name=\"twitter:site\" content=\"@adexsaas\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Mikheeva\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/\"},\"author\":{\"name\":\"Olya Mikheeva\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/person\\\/c5794aef7aa28987e7019a804390ee3a\"},\"headline\":\"Quishing in Ads: How QR Codes Can Lead Users to Phishing Pages\",\"datePublished\":\"2026-06-26T11:16:07+00:00\",\"dateModified\":\"2026-06-26T11:19:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/\"},\"wordCount\":1593,\"publisher\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/adex-quishing-in-ads.png\",\"keywords\":[\"Fraud\",\"Threat\"],\"articleSection\":[\"Current risks\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/\",\"name\":\"Quishing in Ads: How QR Codes Hide Phishing Pages\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/adex-quishing-in-ads.png\",\"datePublished\":\"2026-06-26T11:16:07+00:00\",\"dateModified\":\"2026-06-26T11:19:12+00:00\",\"description\":\"Learn how quishing in ads hides phishing pages behind QR codes, why users trust scans, and how to spot risky campaigns.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#primaryimage\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/adex-quishing-in-ads.png\",\"contentUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/adex-quishing-in-ads.png\",\"width\":1200,\"height\":628,\"caption\":\"What if that harmless QR code in an ad is actually hiding a phishing page? This article explains how quishing in ads works\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/quishing-in-ads-qr-code-phishing\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/adex.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Quishing in Ads: How QR Codes Can Lead Users to Phishing Pages\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/\",\"name\":\"ADEX - Ad Fraud & Invalid Traffic Prevention Platform\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#organization\"},\"alternateName\":\"ADEX\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/adex.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#organization\",\"name\":\"ADEX - Ad Fraud & Invalid Traffic Prevention Platform\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/CDD2258_copy-48-1.svg\",\"contentUrl\":\"https:\\\/\\\/adex.com\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/CDD2258_copy-48-1.svg\",\"width\":148,\"height\":30,\"caption\":\"ADEX - Ad Fraud & Invalid Traffic Prevention Platform\"},\"image\":{\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/adexsaas\\\/\",\"https:\\\/\\\/x.com\\\/adexsaas\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/adex.com\\\/blog\\\/#\\\/schema\\\/person\\\/c5794aef7aa28987e7019a804390ee3a\",\"name\":\"Olya Mikheeva\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g\",\"caption\":\"Olya Mikheeva\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Quishing in Ads: How QR Codes Hide Phishing Pages","description":"Learn how quishing in ads hides phishing pages behind QR codes, why users trust scans, and how to spot risky campaigns.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/","og_locale":"en_US","og_type":"article","og_title":"Quishing in Ads: How QR Codes Hide Phishing Pages","og_description":"Learn how quishing in ads hides phishing pages behind QR codes, why users trust scans, and how to spot risky campaigns.","og_url":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/","og_site_name":"ADEX","article_publisher":"https:\/\/www.facebook.com\/adexsaas\/","article_published_time":"2026-06-26T11:16:07+00:00","article_modified_time":"2026-06-26T11:19:12+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-quishing-in-ads.png","type":"image\/png"}],"author":"Olya Mikheeva","twitter_card":"summary_large_image","twitter_creator":"@adexsaas","twitter_site":"@adexsaas","twitter_misc":{"Written by":"Olya Mikheeva","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#article","isPartOf":{"@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/"},"author":{"name":"Olya Mikheeva","@id":"https:\/\/adex.com\/blog\/#\/schema\/person\/c5794aef7aa28987e7019a804390ee3a"},"headline":"Quishing in Ads: How QR Codes Can Lead Users to Phishing Pages","datePublished":"2026-06-26T11:16:07+00:00","dateModified":"2026-06-26T11:19:12+00:00","mainEntityOfPage":{"@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/"},"wordCount":1593,"publisher":{"@id":"https:\/\/adex.com\/blog\/#organization"},"image":{"@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-quishing-in-ads.png","keywords":["Fraud","Threat"],"articleSection":["Current risks"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/","url":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/","name":"Quishing in Ads: How QR Codes Hide Phishing Pages","isPartOf":{"@id":"https:\/\/adex.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#primaryimage"},"image":{"@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#primaryimage"},"thumbnailUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-quishing-in-ads.png","datePublished":"2026-06-26T11:16:07+00:00","dateModified":"2026-06-26T11:19:12+00:00","description":"Learn how quishing in ads hides phishing pages behind QR codes, why users trust scans, and how to spot risky campaigns.","breadcrumb":{"@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#primaryimage","url":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-quishing-in-ads.png","contentUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2026\/06\/adex-quishing-in-ads.png","width":1200,"height":628,"caption":"What if that harmless QR code in an ad is actually hiding a phishing page? This article explains how quishing in ads works"},{"@type":"BreadcrumbList","@id":"https:\/\/adex.com\/blog\/quishing-in-ads-qr-code-phishing\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/adex.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Quishing in Ads: How QR Codes Can Lead Users to Phishing Pages"}]},{"@type":"WebSite","@id":"https:\/\/adex.com\/blog\/#website","url":"https:\/\/adex.com\/blog\/","name":"ADEX - Ad Fraud & Invalid Traffic Prevention Platform","description":"","publisher":{"@id":"https:\/\/adex.com\/blog\/#organization"},"alternateName":"ADEX","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/adex.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/adex.com\/blog\/#organization","name":"ADEX - Ad Fraud & Invalid Traffic Prevention Platform","url":"https:\/\/adex.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/adex.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2022\/05\/CDD2258_copy-48-1.svg","contentUrl":"https:\/\/adex.com\/blog\/wp-content\/uploads\/2022\/05\/CDD2258_copy-48-1.svg","width":148,"height":30,"caption":"ADEX - Ad Fraud & Invalid Traffic Prevention Platform"},"image":{"@id":"https:\/\/adex.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/adexsaas\/","https:\/\/x.com\/adexsaas"]},{"@type":"Person","@id":"https:\/\/adex.com\/blog\/#\/schema\/person\/c5794aef7aa28987e7019a804390ee3a","name":"Olya Mikheeva","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7e1ca40f4b08b576bd7c51e8946605febbcaa99bf482f69ead517b1cd512de42?s=96&d=mm&r=g","caption":"Olya Mikheeva"}}]}},"_links":{"self":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts\/5846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/comments?post=5846"}],"version-history":[{"count":6,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts\/5846\/revisions"}],"predecessor-version":[{"id":5852,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/posts\/5846\/revisions\/5852"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/media\/5874"}],"wp:attachment":[{"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/media?parent=5846"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/categories?post=5846"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adex.com\/blog\/wp-json\/wp\/v2\/tags?post=5846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}