Anti-quishing
QR code phishing protection, scoped honestly
A dynamic QR code is a live link behind a printed image. redireo checks where that link points and puts a safe page in front of scans that look risky — and we are clear about the one attack it cannot stop.
What is quishing?
Quishing is phishing delivered through a QR code. The malicious URL is hidden inside the printed image, so a person cannot read it before their phone opens it. With a dynamic code, the destination can also be changed after the code is printed, which is where account takeover and redirect-domain abuse come in.
How does redireo's anti-quishing work?
Every time you set or change a destination, redireo checks it against reputation signals before it goes live. A destination that looks malicious is blocked or served through a safe interstitial rather than sent straight to the scanner. If a code is suspended or a destination later fails a check, the scan lands on a safe page instead of the suspect URL — scanners are never silently forwarded to a flagged destination.
What does this protect against?
It protects the scanner in two specific cases: a compromised redireo account quietly repointing your live code to a phishing site, and redireo’s own redirect domain being abused as a vector against other customers. Both are attacks on the destination behind the code, which is the part software can actually control.
What does anti-quishing not do?
It does not stop a physical attack. If someone prints a fake QR sticker and pastes it over yours, no redirect layer can help — that is a property of the physical surface, not the link. We say this plainly because the alternative is to imply a protection we do not provide.
Anti-quishing questions
What is quishing?
Quishing is phishing that uses a QR code to carry the malicious link. Because the destination is hidden inside a printed image, a scanner cannot read the URL before their phone opens it, which is exactly what makes a compromised or repointed code dangerous.
What does redireo anti-quishing protect against?
When you set or edit a destination, redireo checks it against reputation signals, and scans are served through a safe page if a destination looks malicious. This protects against a compromised redireo account repointing a live code to a phishing site, and against redireo’s own redirect domain being used as a vector against other customers.
Does anti-quishing stop someone sticking a fake QR code over mine?
No, and we will not claim it does. A physical sticker placed over your printed code is a different attack that no software redirect layer can prevent. Anti-quishing protects the destination behind your code, not the physical surface it is printed on.
Is a destination that passed the check guaranteed safe?
No reputation check is perfect. The check reduces the chance that a flagged or newly malicious destination reaches a scanner, and the scan-time safe page catches destinations that go bad after they were set. It lowers risk; it does not remove it.