The QR code in your email or attachment could be a scam.
QR code phishing bypasses MFA, leading to data theft.
How quishing attacks work, and what you can do to stay safe.
Ever had a QR code land in your inbox and curiosity get the better of you?
When we think of phishing and scams, many of the oldest tricks are those we still encounter daily — emails claiming we have long-lost relatives who’ve left us an inheritance; ‘Facebook’ warning that our accounts will be frozen unless we reply promptly; fake lottery wins; and unwanted solicitations from so-called investors willing to transfer us millions of dollars.
However, times are changing. Recruitment scams are becoming sophisticated enough to convince job seekers to engage; AI is being used to humanize and improve phishing attempts and even automate entire attack chains; and now, an attack vector is emerging that weaponizes QR codes to bypass multi-factor authentication (MFA), steal our data, and hijack our accounts.
Quishing: QR fraud on the rise
Quishing, or QR code-based phishing, embeds malicious links in QR codes to bypass traditional phishing filters and slip through security nets. The lure is the same: create a sense of urgency, appeal to our greed, instill fear and panic, or promise rewards for scanning the QR code with our phones and clicking the embedded link to visit an online page or platform.
A QR code phishing scheme can take many forms. A fake message from your bank, an email congratulating you on a lottery win, or an urgent message from your social media provider. Once you’ve scanned the code and clicked the link, you could end up in a domain designed to steal your data or compromise an account you own.
According to Hoxhunt’s 2026 Phishing Trends Report, basic QR-code phishing messages via email are on the decline, but they are re-emerging as an attack vector hidden in scam email attachments, such as in malicious PDFs.
Overall, QR code phishing attacks increased by 25% year-over-year. It’s not just digital spaces, either, as QR codes have also been spotted in physical spaces, embedded in posters or emblazoned on fake business cards, according to the report.
How attackers dodge MFA defenses
Hothunt’s research is supported by a June notice from Google’s Trust & Safety team warning that traditional email attack vectors are being replaced by adversary-in-the-middle (AITM) and quishing attacks.
Quishing pairs with AITM by disguising malicious links in a format that’s hard to read or detect by security filters. According to both Google and Microsoft, this is how it works: You receive a quishing email, and curiosity lures you into scanning the code. You are then sent to a cloned website that appears to be the domain of a trusted service, such as a bank, financial services provider, or even a work platform.
You then submit your credentials, allowing the attacker to bypass existing multi-factor authentication (MFA) protections because you believe you are logging into a trusted website. They can then capture your password and session token, leading to data theft, account compromise, and more.
What makes this tactic more dangerous than traditional phishing, especially for businesses, is that victims use their handsets to scan a QR code, bypassing network-based security and safety nets, such as phishing detection.
The Microsoft Defender team has observed QR code-based cybercriminal campaigns growing from 10% to 30% of total phishing campaigns in recent months.
How to avoid falling for QR-code phishing
As QR codes hide destinations, links, and content in an image-like format, we can’t see what is in them or verify their origins easily — which is why blindly scanning and following a QR code is risky.
QR codes, especially those you aren’t expecting, should be treated with the same suspicion as emailed links or attachments. Just because the format is different, the phishing angle remains the same: to coerce or exploit a victim’s curiosity and lure them into clicking and visiting a malicious online resource. The only difference here is the delivery mechanism — instead of a straightforward link or file, a victim uses a camera to scan.
The best advice here is to stay cautious. If you receive an email containing a QR code that appears to be from your bank, visit your bank’s official website in a separate tab or open your bank’s mobile app. Even if a message seems legitimate, for safety and security, you should not click links, open attachments, or scan QR codes unless you are completely sure the source is legitimate and the message’s contents are safe.
Keep in mind, too, that QR code threats aren’t limited to emails. See that QR code sticker slapped on a lamp post near your favorite store? Even physical QR code stickers can harbor a serious threat to your privacy and security.
As summer starts approaching fast, you have probably gotten your backyard all ready for people to come and hang out, or just for yourself to spend some time in the sun. However, even when everything is set up, you may realize your Wi-Fi signal strength isn’t the best out there.
In today’s digital era, this can be a major headache, especially if your home does not have a strong cellular signal either. Luckily, there is a way to extend your Wi-Fi to your backyard without buying an expensive mesh system.
The backyard is a Wi-Fi dead zone
My backyard was a graveyard for any Wi-Fi signal
If you’re like me, you have really great Wi-Fi inside your house that is fast and reliable. No matter where you are, you seem to have a strong connection that lets you browse the web and watch content.
Credit: Nathaniel Pangaro / How-To Geek
However, when you step outside and walk a few feet into your backyard, that Wi-Fi signal disappears. Even worse, you may also be in an area with poor cellular service.
When looking for ways to fix this, many suggestions point to a mesh router setup. However, these can be expensive and often come with only a limited number of units per box. Furthermore, adding more would incur additional costs.
Additionally, when considering mesh routers, I thought about how I would incorporate them into my backyard. While I could plug one into an outlet outside, I was concerned that exposure to severe weather could damage it, even if it were under an overhang or in a gazebo.
This led me to find another workaround: repurposing my old router as an access point to extend my Wi-Fi to the backyard. This allowed me to use something I already had collecting dust and give it a new purpose.
From military roots to whole-home coverage — how well do you really know mesh WiFi?
HistoryTechnologyBrandsFuture TechFun Facts
The concept of mesh networking was originally developed for use in which field before it reached consumer homes?
Correct! Mesh networking grew out of military research, particularly DARPA-funded projects aimed at creating self-healing, decentralized communications that could survive partial network destruction. The idea was that if one node went down, traffic would reroute automatically — a very useful feature on a battlefield.
Not quite. Mesh networking has its roots in military and DARPA-funded research, designed to create resilient, self-healing communications networks for battlefield use. The decentralized nature meant no single point of failure — a concept that later translated beautifully to home WiFi coverage.
What is the primary technical difference between a traditional WiFi extender and a true mesh WiFi system?
Spot on! True mesh systems use a dedicated backhaul — often a separate radio band — exclusively for node-to-node communication. This keeps the bandwidth used by your devices separate from the bandwidth used to pass data between nodes, resulting in far less congestion and much better performance than a traditional extender.
Not quite. The key differentiator is that true mesh systems use a dedicated backhaul channel between nodes, keeping device traffic and inter-node traffic separate. Traditional extenders reuse the same band for both, effectively halving available bandwidth — which is why they often disappoint in practice.
Which company is widely credited with popularizing consumer mesh WiFi when it launched its first product in 2015?
Correct! Eero launched in 2015 as one of the first consumer-focused mesh WiFi systems and essentially kicked off the home mesh revolution. Its simple app-based setup and attractive hardware stood out in a market dominated by ugly router boxes covered in antennas. Amazon later acquired Eero in 2019.
Not quite — Eero gets the credit here. Founded in 2014 and launched to consumers in 2015, Eero was a pioneer in making mesh WiFi accessible and appealing to everyday users. Its clean design and smartphone-based setup felt revolutionary compared to traditional router management interfaces.
A mesh WiFi network behaves similarly to which surprisingly ancient human communication system?
Great analogy — and you got it! Mesh networking mimics the way gossip spreads: each node receives information and passes it along to the nearest neighbor, with multiple paths available if one route is blocked. Computer scientists actually call one mesh routing method ‘gossip protocol’ for exactly this reason.
Fun guess, but the best analogy is gossip spreading through a village. In mesh networking, data hops from node to node along the best available path — just like a rumor finding its way through a crowd. Computer scientists even formally named one routing approach ‘gossip protocol’ in honor of this similarity.
WiFi 6E and WiFi 7 mesh systems introduced support for which frequency band that older mesh hardware cannot use?
Correct! WiFi 6E opened up the 6 GHz band for consumer use, giving mesh systems a much less congested slice of spectrum to use — especially valuable as a clean, fast backhaul channel. WiFi 7 expands on this further with multi-link operation, letting devices use multiple bands simultaneously.
The answer is 6 GHz. WiFi 6E was a significant leap because it unlocked the 6 GHz band — a largely empty, high-capacity range of spectrum that dramatically reduces interference, especially in apartment buildings packed with competing networks. Mesh systems use it as a super-clean backhaul highway.
Before dedicated mesh systems existed, some creative users built their own mesh-like home networks using open-source firmware called what?
Well done! DD-WRT was the go-to open-source router firmware for enthusiasts who wanted to squeeze extra performance and features out of consumer routers — including running multiple routers in coordinated configurations that resembled mesh behavior. It’s still actively developed today and has a devoted following.
Not quite — the answer is DD-WRT. This legendary open-source firmware let tech-savvy users replace the factory software on routers from brands like Linksys and Netgear, unlocking advanced features including multi-router setups that approximated mesh networking years before polished consumer mesh products existed.
Which emerging concept would take mesh networking beyond the home and create a massive, self-organizing internet built from billions of everyday devices?
Exactly right! The Internet of Things vision includes smart devices — thermostats, lights, sensors, appliances — forming spontaneous mesh networks with each other, passing data along without relying on a central router or ISP infrastructure. Standards like Thread and Matter are already pushing this concept into real homes today.
The answer is the IoT mesh. The Internet of Things roadmap envisions billions of smart devices forming organic, self-organizing mesh networks — communicating peer-to-peer without needing a traditional router as a middleman. Protocols like Thread (used in Matter-compatible smart home devices) are making this a reality right now.
What quirky real-world project demonstrated mesh networking by connecting an entire island community with a DIY WiFi mesh built mostly from recycled hardware?
Correct! Guifi.net, launched in rural Catalonia in the early 2000s, grew into one of the world’s largest community-owned mesh networks with tens of thousands of nodes. It was built by volunteers using cheap or recycled hardware to bring internet access to areas ignored by commercial ISPs — a remarkable grassroots achievement still operating today.
The answer is Guifi.net. This incredible volunteer-built mesh network in Catalonia, Spain, started in the early 2000s and eventually grew to over 35,000 active nodes, making it one of the largest community mesh networks on the planet. It proved that determined communities could build their own internet infrastructure without relying on big telecoms.
Challenge Complete
Your Score
/ 8
Thanks for playing!
Setting up your old router as an access point
Making a world difference in your Wi-Fi range
While it may seem intimidating to deal with your Wi-Fi settings since you do not want to press the wrong button and take your entire network offline, this process was surprisingly simple. All it took was finding a suitable place for the old router and connecting it to my existing network.
The first thing I had to do was find a location for my old router that would provide good coverage to the backyard. Luckily, our living room is right next to the backyard, and it used to house the family computer.
As a result of that setup, an Ethernet port was already installed in the room for the computer. This gave me an easy way to connect the old router to the main router, which was located on the other side of the house.
Credit: Olivier Le Moal/Shutterstock.com
If you do not have a pre-installed Ethernet port in your house, there are other ways to get a wired connection, including through your home’s electrical outlets. There are various adapters that can help with this, such as the TP-Link AV1000 Powerline Ethernet Adapter Kit.
Once you have one set up—if needed—you can connect your old router to the adapter, and it will then benefit from a wired connection.
Brand
TP-Link
Ports
1x Ethernet
For my setup, I had an old TP-Link router from before I upgraded to my current model, and getting it configured as an access point was not that difficult. All I had to do was connect it to my main router with an Ethernet cable, add it as a new device in the TP-Link Deco app, and switch its operating mode from router to access point.
The difference between router mode and access point mode is how the device handles your network. In router mode, the router connects directly to your internet line and distributes internet access to your devices. On the other hand, in access point mode, the additional router acts as a bridge between your primary router and your devices, extending your home’s wireless coverage.
Credit: Nathaniel Pangaro / How-To Geek
However, there is one caveat to doing this: the handoff between your main router and your access point won’t be quite as seamless as a dedicated mesh system. While you can use the exact same network name and password to let your devices automatically switch to the stronger signal, I chose a different route
With a mesh router setup, your devices can automatically switch between different nodes while remaining connected to the same Wi-Fi network. This handoff happens seamlessly in the background, so you do not have to do anything.
With an access point, you have the option to create a completely separate network name. I decided to do this, meaning I have to manually join it whenever I want to use the signal from my old router.
Credit:
Nathaniel Pangaro / How-To Geek
At first, I was not the biggest fan of having multiple networks listed in my Wi-Fi settings and needing to manually switch between them. However, after thinking about it more, I warmed up to the idea.
Considering how infrequently I am outside compared with how often I am indoors, I realized I would spend most of my time connected to my primary network anyway.
Wi-Fi Bands
Wi-Fi 6
Ethernet Ports
6 (2 each)
Additionally, to make things easier, I gave the access point network a distinct name. This allows both me and any guests who visit to quickly identify which network provides coverage for the backyard.
Using my old router as an access point has made spending time in the backyard much more enjoyable. Before, I would sit outside with a weak signal from the house and wait for content to load at a snail’s pace.
Yet, after setting up the access point, it made a world of difference. I now have a stronger signal, faster loading times, and more reliable ways to stay connected no matter where I am on my property.
So if you’re like me and struggle with poor Wi-Fi coverage in your backyard, consider pulling your old router out of the closet and putting it to good use. It’s never too late to turn something you thought was junk into a practical solution that can save you a significant amount of money.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.