The Bangko Sentral ng Pilipinas (BSP) is advising the public to remain vigilant against ‘quishing’, a rising digital payment scam that exploits QR codes, the Philippine Information Agency reported.

During a recent briefing in Bohol, BSP Banking Officer V Dr. Gregorio Baccay III detailed how fraudsters use manipulated QR codes to compromise personal data and steal funds.

“Quishing is a scam where scammers use malicious QR codes to trick people into visiting fake websites, downloading harmful content, or sending cash,” Baccay explained.

Because QR codes mask the underlying web address, users often cannot easily spot a malicious link.

The financial impact is most direct when fraudsters physically paste their own QR codes over legitimate merchant codes, diverting customer payments directly into the scammers’ accounts.

To mitigate these risks, the BSP recommends that consumers only scan codes from verified sources and physically inspect them for signs of tampering, such as stickers placed over the original code.

Users should also preview the URL on their smartphone before opening it and avoid entering sensitive financial details on sites accessed via a QR scan.

Baccay also highlighted the ongoing threat of ‘smishing’, where scammers send fraudulent text messages pretending to be official institutions to steal passwords or one-time passwords (OTPs).

In response to these vulnerabilities, the central bank’s Circular No. 1160 urges financial institutions to transition away from SMS-based OTPs.

Instead, banks and e-money issuers are encouraged to implement stronger security measures, including biometrics and in-app approvals, to better protect consumers as digital payment programmes expand.

Featured image: Edited by Fintech News Philippines based on an image by user13350594 via Freepik.