The Austrian National Bank and the Austrian Federal Criminal Police Office have warned about a new payment fraud scheme known as quishing, in which criminals use QR codes instead of visible links to direct people to fake websites. The alert covers both physical and digital use cases and highlights a particular risk on smartphones, where the destination page often opens automatically after a QR code is scanned. The fraud relies on users scanning seemingly harmless QR codes without checking the underlying web address. Fake sites can closely imitate legitimate bank or online shop pages, including website addresses that resemble the real ones. The authorities advise treating unexpected emails or letters with impersonal wording or pressure to act quickly with particular caution, avoiding unnecessary QR code scans, checking the web address shown after scanning, and never entering confidential data into online portals reached through a link or QR code. Both authorities said they provide further online information on fraud schemes and detailed recommendations on how to protect against attempted scams.
Austrian National Bank (OeNB)2026-06-16
Austrian National Bank and Austrian Federal Criminal Police Office warn of quishing scams using manipulated QR codes
The Austrian National Bank and the Austrian Federal Criminal Police Office warned about quishing, a payment fraud method that uses manipulated QR codes to send users to fake websites. They said the risk is heightened on smartphones because pages often open automatically after scanning. Users are advised to verify the displayed web address and never enter confidential data on sites reached through a link or QR code.