Quishing is a type of phishing attack that makes use of QR codes to trick victims into visiting legitimate looking but fake websites.

Literature such as letters, leaflets or doctored public signage such as in car parks, trick victims into visiting those fradulent sites and giving away personal details, payment card information or attempt to secretly install malware onto their device.

If you receive a letter that only shows a QR code and not an equivalent printed web address that you can verify is definitely the legitimate companies website, or you see a sticker or similar, placed over an original sign, for example 'how to pay' signage in a car park, be very weary of visiting that site.

Your device will always show you the web address of where the QR code will take you and ask for your permission to go there but many people blindy tap OK!