ALFA: A Safe-by-Design Approach to Mitigate Quishing Attacks Launched via Fancy QR Codes

📅 2026-01-11
🏛️ arXiv.org
📈 Citations: 0
Influential: 0
🤖 AI Summary
This work addresses the challenge of detecting quishing attacks—sophisticated QR code-based threats that evade conventional defenses—by proposing ALFA, a novel detection framework. ALFA reconstructs the QR code grid through binarization and integrates a pioneering FAST module for error correction alongside structural feature extraction, enabling a pre-trained model to assess the legitimacy of the code and prevent malicious redirection at its source. Moving beyond the limitations of vision-based deep learning approaches, ALFA effectively handles adversarial QR codes featuring color variations, geometric distortions, and other evasive manipulations. Experimental results demonstrate that ALFA achieves a remarkably low false negative rate of only 0.06% on synthetic datasets and significantly outperforms mainstream mobile scanning tools in real-world scenarios, offering both high accuracy and robust reliability.

📝 Abstract
Phishing with Quick Response (QR) codes is termed Quishing. Attackers exploit this method to manipulate individuals into revealing their confidential data. Recently, we have seen colorful and fancy representations of QR codes, in which the 2D matrix of the QR code no longer reflects a typical mixture of black-and-white modules. Instead, they become more tempting as an attack vector for adversaries, which can evade the state-of-the-art deep learning visual-based and other prevailing countermeasures. We introduce "ALFA", a safe-by-design approach, to mitigate Quishing and prevent everyone from accessing the post-scan harmful payload of fancy QR codes. Our method first converts a fancy QR code into a replica binary grid and then identifies the erroneous representation of modules in that grid. Following that, we present the "FAST" method, which can conveniently recover erroneous modules from that binary grid. Afterwards, using this binary grid, our solution extracts the structural features of the fancy QR code and predicts its legitimacy using a pre-trained model. The effectiveness of our proposal is demonstrated by an experimental evaluation on a synthetic dataset (containing diverse variations of fancy QR codes), achieving an FNR of only 0.06%. We also develop a mobile app to test the practical feasibility of our solution and provide a performance comparison of the app with real-world QR readers. This comparison further highlights the classification reliability and detection accuracy of this solution in real-world environments.
Problem

Research questions and friction points this paper is trying to address.

Quishing
QR code
phishing attack
fancy QR code
cybersecurity
Innovation

Methods, ideas, or system contributions that make the work stand out.

Quishing
Fancy QR codes
Safe-by-Design
FAST recovery
Structural feature extraction