Luka BekavacSimon MayerJannis Rene Strecker2024-03-282024-03-282024-05-11https://www.alexandria.unisg.ch/handle/20.500.14171/11977410.1145/3613905.3651006As QR codes become ubiquitous in various applications and places, their susceptibility to tampering, known as quishing, poses a significant threat to user security. In this paper we introduce SafeQR codes that address this challenge by introducing innovative design strategies to enhance QR code security. Leveraging visual elements and secure design principles, the project aims to make tampering more noticeable, thereby empowering users to recognize and avoid potential phishing threats. Further, we highlight the limitations of current user-education methods in combating quishing and propose different attacker models tailored to address quishing attacks. In addition, we introduce a multi-faceted defense strategy that merges design innovation with user vigilance. Through a user study, we demonstrate the efficacy of ’Integrity by Design’ QR codes. These innovatively designed QR codes significantly raise user suspicion in case of tampering and effectively reduce the likelihood of successful quishing attacks.en-USquishingQR codesQR code based phishingphishing susceptibilityprivacyconference contribution