QR codes have become a normal part of daily life. We scan them to pay bills, view menus, check into buildings, even access government services. As adoption grows, so too does the opportunity for fraud. Criminals are now weaponising QR codes to deceive consumers, employees and even entire organisations. At PORGiESOFT Security, our Threat Intelligence Function has been monitoring the sharp rise in “quishing” - QR-code phishing - across both public and private sectors. A new entry point for fraud A QR code is simply a digital bridge. It connects a physical environment to a web destination in seconds. Fraudsters exploit this by swapping or overlaying genuine codes with malicious ones that redirect to cloned websites or install malware. In 2024, we detected fraudulent QR codes targeting car-park payment machines, event tickets, and council notices. Some even mimicked NHS vaccine booking links during the pandemic’s later stages. The subtlety of the attack – and public familiarity with scann

Local councils and public service bodies are increasingly being impersonated by fraudsters seeking to exploit public trust. Fake text messages about parking fines, energy rebates, or council tax refunds now appear regularly in residents’ inboxes. Behind each one is a criminal attempt to harvest personal information, install malware or steal money. Fraud targeting councils is not new, but the scale and sophistication have evolved dramatically. In recent years, our Fraud Intelligence Function has tracked numerous scam campaigns impersonating local authorities, often using official logos, similar domain names and familiar language. These campaigns exploit both technology and emotion - and without continuous awareness, residents can easily fall victim. Why councils are high-value targets Councils handle a vast range of citizen interactions: benefits, payments, waste collection, housing support, and public health. Fraudsters know that people are more likely to trust a message from their lo

PORGiESOFT Security researched and provided a quantitative map of the UK smishing ecosystem, detailing how threat actors, infrastructure and victims intersect. What did we learn? 1. Attack infrastructure Nearly 99 percent of all messages were written in English, confirming that UK consumers remain a primary focus for global smishing campaigns. The study identified nine distinct classes of smishing messages, from Class A (URL only, 58 %) to Class M (multiple fraud data points, 8.2 %) and smaller reply-based classes (Y and Z) that asked users to text “Y”, “YES”, or “STOP”. Each class revealed a different operational intent - whether to capture clicks, phone calls or conversation engagement. On the organisational side, 13 impersonation levels were mapped. The top three were: Banks (Level B) – 39.4 % of attacks Parcel Delivery Companies (Level P) – 26.3 % Government Departments (Level G) – 16.3 % Together, these sectors accounted for over 80 percent of all UK smishing incidents analysed.