11/20/2025
Sheriff Elliott wants Residents to be aware of “Quishing” Scams
Wagoner County Sheriff Chris Elliott wants to pass on some important information about a new scam in circulation. The Sheriff’s Office is urging residents to watch out for a rapidly growing form of cyber fraud known as “Quishing,” a scam that uses QR codes to trick victims into revealing personal or financial information.
Quishing, or QR phishing, is a cybersecurity threat in which attackers use fraudulent QR codes on emails, flyers, parking meters, restaurant tables, or even legitimate-looking public notices to redirect victims to malicious websites or prompt them to download harmful content. When scanned with a smartphone, these codes can redirect the victim to a fake website designed to steal login credentials, bank information, or install malicious software.
The goal of this attack is to steal sensitive information, such as passwords, financial data, or personally identifiable information (PII), and use that information for other purposes, such as identity theft, financial fraud, or ransomware.
This type of phishing often bypasses conventional defenses like secure email gateways. Notably, QR codes in emails are perceived by many secure email gateways as meaningless images, making the users vulnerable to specific forms of phishing attacks. QR codes can also be presented to intended victims in a number of other ways.
How Quishing Works
• Scammers pose as trusted organizations such as banks, delivery companies, county services, or utilities
• Scammers send urgent or alarming messages prompting immediate action
• Scammers place QR code stickers over legitimate codes in public spaces
• Scammers use emails or texts with QR codes that appear official
Once scanned, the QR code may send users to a dangerous site that looks real but is controlled by criminals.
The Wagoner County Sheriff’s Office recommends the following precautions:
• Verify before you scan - If a QR code looks tampered with, covered by a sticker, or out of place, do not scan it.
• Be cautious with unsolicited messages - Never scan QR codes sent by unknown numbers or unexpected emails.
• Inspect the URL - Many smartphones show the website link before opening it. Make sure it matches the legitimate organization.
• Avoid entering personal information - after scanning a code unless you are certain the site is authentic.
• Manually type in known web addresses - when possible, instead of relying on QR codes.
• Update your phone’s security software to reduce risk from malicious downloads.
Residents who think they may have interacted with a fraudulent QR code should:
• Change any compromised passwords immediately
• Monitor financial accounts and credit reports
• Report the incident to the Wagoner County Sheriff’s Office at 918-485-3124
• File a complaint with the Federal Trade Commission at Reportfraud.ftc.gov
Wagoner County Sheriff Chris Elliott stated “Because QR codes have become part of everyday life from menus to bill payments, criminals are exploiting that trust. We want every Wagoner County resident to pause before scanning and protect themselves from becoming the next victim. Awareness is the strongest defense, and though Quishing is new, the goal is the same as any scam: steal your information and your money.”
Please stay alert, verify QR codes before scanning, and help spread the word to friends, family, and neighbors.
