Anti-quishing

QR code phishing protection, scoped honestly

A dynamic QR code is a live link behind a printed image. redireo checks where that link points and puts a safe page in front of scans that look risky — and we are clear about the one attack it cannot stop.

What is quishing?

Quishing is phishing delivered through a QR code. The malicious URL is hidden inside the printed image, so a person cannot read it before their phone opens it. With a dynamic code, the destination can also be changed after the code is printed, which is where account takeover and redirect-domain abuse come in.

How does redireo's anti-quishing work?

Every time you set or change a destination, redireo checks it against reputation signals before it goes live. A destination that looks malicious is blocked or served through a safe interstitial rather than sent straight to the scanner. If a code is suspended or a destination later fails a check, the scan lands on a safe page instead of the suspect URL — scanners are never silently forwarded to a flagged destination.

What does this protect against?

It protects the scanner in two specific cases: a compromised redireo account quietly repointing your live code to a phishing site, and redireo’s own redirect domain being abused as a vector against other customers. Both are attacks on the destination behind the code, which is the part software can actually control.

What does anti-quishing not do?

It does not stop a physical attack. If someone prints a fake QR sticker and pastes it over yours, no redirect layer can help — that is a property of the physical surface, not the link. We say this plainly because the alternative is to imply a protection we do not provide.

Anti-quishing questions

What is quishing?

Quishing is phishing that uses a QR code to carry the malicious link. Because the destination is hidden inside a printed image, a scanner cannot read the URL before their phone opens it, which is exactly what makes a compromised or repointed code dangerous.

What does redireo anti-quishing protect against?

When you set or edit a destination, redireo checks it against reputation signals, and scans are served through a safe page if a destination looks malicious. This protects against a compromised redireo account repointing a live code to a phishing site, and against redireo’s own redirect domain being used as a vector against other customers.

Does anti-quishing stop someone sticking a fake QR code over mine?

No, and we will not claim it does. A physical sticker placed over your printed code is a different attack that no software redirect layer can prevent. Anti-quishing protects the destination behind your code, not the physical surface it is printed on.

Is a destination that passed the check guaranteed safe?

No reputation check is perfect. The check reduces the chance that a flagged or newly malicious destination reaches a scanner, and the scan-time safe page catches destinations that go bad after they were set. It lowers risk; it does not remove it.

Start free