What is quishing and how to protect yourself
QR codes have become part of everyday life. From restaurant menus to parking payments and other services, they provide convenience through a quick scan. However, cybercriminals are exploiting this convenience through a type of scam known as quishing.
What is Quishing?
Quishing (QR-code phishing) is a form of fraud in which criminals create fake QR codes that redirect victims to fraudulent websites or malware downloads.
These QR codes may lead to:
- Fake banking websites
- Fraudulent payment portals
- Downloads of malicious applications
- Forms used for identity theft
Unlike traditional links, QR codes hide the full URL, making it more difficult to verify the destination before opening it.
How does the scam work?
- The attacker creates a fake website that imitates the official page of a bank or institution
- A QR code is generated that links to this fake website
- The code is placed in public locations (posters, menus, Wi-Fi access points) or sent via email or SMS
- After scanning, the victim may be asked to enter:
  - Online banking credentials
  - Card details
  - OTP (verification code)
  - Personal information
Attackers sometimes place malicious QR codes over legitimate ones to deceive users without raising suspicion. The collected information is then used for unauthorized transactions or identity theft.
Why is it effective?
- The real link is not visible before opening it
- QR codes are generally perceived as safe
- They are widely used for legitimate purposes
- It is harder to verify the destination beforehand
How to protect yourself from quishing
Be cautious with qr codes in public places
Do not scan suspicious codes or codes placed over existing ones.
Check the website address
After scanning, carefully verify the URL:
- Is it spelled correctly?
- Does it start with https?
- Does it contain unusual characters?
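The three checks above, applied in code to a URL decoded from a QR code. This is an added example, not part of the bank's guidance; the function name `check_qr_url`, the sample URLs, and the choice to accept only raiffeisen-kosovo.com (the official domain named on this page) and its subdomains are assumptions.

```python
from urllib.parse import urlsplit

# Official domain as stated on this page; the allowlist approach is an assumption.
OFFICIAL_DOMAINS = {"raiffeisen-kosovo.com"}


def check_qr_url(url, official=OFFICIAL_DOMAINS):
    """Return warnings for a URL decoded from a QR code (empty list = passed)."""
    warnings = []
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return ["URL cannot be parsed"]
    # Does it start with https?
    if parts.scheme.lower() != "https":
        warnings.append("not https")
    # Does it contain unusual characters?
    if not url.isascii():
        warnings.append("non-ASCII characters in URL")
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode (internationalized) host name")
    if "@" in parts.netloc:
        warnings.append("user-info '@' before host")
    # Is it spelled correctly? Accept only an exact match or a true subdomain,
    # so "official-domain.com.example.net" does not pass.
    if not any(host == d or host.endswith("." + d) for d in official):
        warnings.append("host is not the official domain")
    return warnings


# Constructed sample URLs for illustration (not taken from real incidents).
SAMPLES = [
    "https://www.raiffeisen-kosovo.com/login",
    "http://raiffeisen-kosovo.com/",
    "https://raiffeisen-kosovo.com.example.net/login",
    "https://raiffeisen-kosovo.com@example.net/",
    "https://raiffe\u0456sen-kosovo.com/",  # Cyrillic letter in place of Latin "i"
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), "->", check_qr_url(sample) or "no warnings")
```

A URL that passes these checks still needs the same caution as any other link; typing the address manually remains the safer route.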
Do not enter personal information
Your bank will never ask for:
- Your password
- Your PIN
- Your OTP (verification code)
- Full card details
Use the bank’s official application
For transactions or account access, use only the official app or website by typing the address manually.
Report suspicious cases
If you encounter a QR code claiming to represent the bank, notify the bank immediately through official channels.
Official communication channels of the bank include the phone numbers 038/222-222 and 049/222-222, as well as the official domain raiffeisen-kosovo.com.
If you receive a call, message, or email that appears to come from these numbers or the domain but seems suspicious, stop the communication immediately, do not share any personal or sensitive information, and report it to the bank.