A Systematic Literature Review on Common Attacks, Awareness, And Future Prevention Methods

QR code phishing, also called quishing, is a rising threat that exploits  user vulnerabilities from psychological manipulation to gaps in technical awareness of QR codes to lure users into scanning malicious links. This paper presents a systematic literature review to investigate the most common QR phishing attack techniques, user awareness and susceptibility factors, and identify effective prevention strategies. A total of 19 peer-reviewed studies published between 2015 and 2025 were selected based on defined inclusion and exclusion criteria. The review identifies frequent attack methods such as hidden malicious URLs, malware propagation, and QR code overlays in trusted physical locations. Despite familiarity with phishing, many technically skilled users remain unaware of quishing-specific risks due to psychological manipulation, digital complacency, and limited security features in existing QR scanning tools. This knowledge gap underscores the need for multiple prevention approaches. Recommended strategies include machine learning-based detection, cryptographic QR code authentication, improved scanner applications with URL previews, and user-focused cybersecurity education. These combined efforts are essential for strengthening the defense against QR phishing. This study offers a comprehensive foundation for researchers, developers, and security practitioners to design more effective and resilient anti-quishing solutions.