QR codes are everywhere. Cafes, parking meters, product packaging. We scan them without thinking, and that habit is exactly what attackers are now exploiting.
QR code phishing, also called quishing, has been flagged by both Google and the FBI in 2026 as a serious threat, and it can bypass multi-factor authentication entirely.
In this episode, Charly covers:
What QR codes are and how they became embedded in everyday business
How QR code phishing uses adversary-in-the-middle proxy servers to steal credentials and session tokens
Why scanning a QR code on your phone bypasses the security tools on your computer
QR codes showing up in Google Calendar invites, not just emails
Practical steps to protect yourself, including browser choice and verifying login pages
No single tool or habit keeps you safe here. Understanding how these attacks work is more useful than any checklist.
Book a Free 30 minute Breakthrough Session: https://askcharlyleetham.com/book-me
(1 per person only)
0 comments