The lure
A printed sign, email attachment, parking notice, or invoice asks the learner to scan a QR code.
QR code phishing awareness
Show how a harmless-looking QR code can lead to credential theft.
This local-only demo walks learners through the full quishing flow: scan a QR code, land on a fake login page, submit dummy credentials, then review what an attacker would have captured.
The fake page
The QR opens a login page that feels familiar enough to lower suspicion.
The capture
Submitted credentials appear in the dashboard, showing the risk in plain sight.
Facilitator notes
- Ask learners to use dummy credentials only, such as
alex@training.localandWinter2026!. - Point out URL checking, QR codes on unexpected signs, urgent language, and login prompts after scanning.
- The simulator stores demonstration entries in this browser only and can be cleared from the dashboard.