Phishing is no longer limited to suspicious emails or fake websites. A growing trick now targets computer users through something unexpected: QR codes displayed directly on the desktop screen.
It often happens like this:
You are browsing on your PC.
A pop-up appears with a QR code.
It claims you need to “verify your account,” “log in,” or “continue on mobile.”
You scan it with your phone, assuming it is safer.
But that is exactly the trap.
The QR code sends you to a malicious phishing page on your mobile browser. Now the attack has moved from your computer to your phone, bypassing the protections you might have on your PC.
Why this works:
- Users trust QR codes more than links
- Scanning feels safer than clicking
- The transition from desktop to mobile reduces suspicion
- Many security tools focus on the computer, not the phone
How to stay safe:
- Treat QR codes on websites as suspicious
- Never scan codes that appear in pop-ups or unexpected prompts
- Always verify the destination before entering credentials
- Use anti-phishing protection on both desktop and mobile
Phishing attackers are now using the gap between devices. One scan is enough to lose control.
