Tech For Humans Newsletter

You've probably scanned a few QR codes this week without thinking twice. Maybe a parking meter or a restaurant menu.

Hackers have noticed how casual we've become about it, and they've built an entire new scam around it.

In today's email, I'm showing you how "quishing" works and the 3 habits that will keep your team out of it.

You'll also find a 30-second Outlook fix that stops spam meetings from cluttering your calendar, a wild stat about how few small businesses have cyber insurance, and a gadget you’ll want to have in your office.

So grab your favorite beverage, get comfy, and let’s dig in.

Purple and Black Clean and Professional New Employee LinkedIn Post (5)

THE BIG IDEA

Quishing

Quishing: The New Phishing Scam

A few years ago, scanning a QR code felt suspicious. Today, you probably scan three or four a day without thinking about it... parking meters, restaurant menus, conference badges, charging stations, etc.

And because of that, there's now an entire category of attack called "quishing," which is just phishing delivered through a QR code instead of an email link.

The FBI started issuing public warnings about it in 2024. Since then, reported attacks have jumped over 600%, and small businesses are getting hit harder than anyone.

Think about what happens when a phishing email lands in your inbox.

Your email provider scans it for known threats, and your IT setup flags suspicious links.

But none of that exists with a QR code. You point your phone at a square of black-and-white dots, and you have no idea where it's about to send you until you're already there.

By the time the fake Microsoft 365 login page loads on your phone, you've also stepped outside your company's security stack.

And your personal phone isn't running the same protections as your work laptop.

So these attacks usually arrive in one of three ways.

Someone prints a fake QR sticker and slaps it over the real one on a parking meter, EV charger, or restaurant menu.

An attacker embeds a QR code inside a PDF attachment. The code slips past email filters that only scan text links.

Or a flyer, business card, or conference poster sends you to a fake landing page that drops malware on your phone or steals your login.

Three habits will keep your team safer:

  1. Treat every QR code like an unknown link.If a code arrives in an email, a PDF, or a text message, don't scan it. Go to the company's real website yourself and find what you need from there.

     

  2. Make accounts payable a QR-free zone.Any invoice, payment portal, or "click here to verify" that arrives as a QR code is a hard no. Your team should only pay through known logins they type into the browser themselves, never through a code embedded in a document.

     

  3. Look for tampering on physical codes.Before you scan a QR in the wild, check if it's a sticker laid over another sticker. Run your fingernail along the edge. If it peels, walk away. Genuine QR codes are usually printed onto the surface, not stuck on top.

If you'd like us to check whether your team's phones and email gateway are set up to flag malicious QR codes, just reply to this email. We'll take a look.

JP Headshot

JOHN'S TECH TIP

Stop Spam Meetings From Auto-Filling Your Calendar

​By default, Outlook adds every meeting invite to your calendar the moment it arrives, even before you've responded. Turn off "Auto-process invitations" in Outlook settings so nothing lands on your calendar until you accept it.

THE LATEST NEWS

🔓 Same Crew That Hit ADT Just Stole Data on 275 Million Students

ShinyHunters (the same group behind the ADT breach) broke into Instructure, the company behind Canvas, the learning management system used by 41% of US higher education and a chunk of K-12. They claim 275 million individuals’ data stolen across nearly 9,000 schools. 

 

🤖 Anthropic Drops 10 Pre-Built AI Agents for Financial Services

Anthropic released ten ready-to-run Claude agents that handle pitchbooks, KYC screening, month-end close, and seven other workflows that typically eat up junior analyst hours. The agents work inside Excel, PowerPoint, Word, and Outlook, with full audit trails for compliance. JPMorgan, Goldman Sachs, Citi, and AIG are already using them in production.

 

🔋 80% of Top AI Users Say They're Doing Work They Couldn't Do a Year Ago

Microsoft published its 2026 Work Trend Index, based on trillions of productivity signals and a survey of 20,000 workers across 10 countries. 49% of Microsoft 365 Copilot conversations now handle the kind of thinking work that used to require deep expertise, and 80% of the most advanced users say they're producing work they couldn't have a year ago.

THE INTERESTING STATISTIC

Cyber Ins

Only 17% of Small Businesses Have Cyber Insurance, and the Average Claim in 2025 Was $79,000

According to industry research, only 17% of small businesses have cyber insurance, and 64% say they're not familiar with what it covers.

Meanwhile, the average small business cyber claim in 2025 came in at $79,000, the kind of bill that can end the business for a small team.

Most owners don't buy it because the policies feel confusing, premiums climbed roughly 14% over the past year, and brokers rarely explain in plain English what's covered.

The upside most owners miss is that insurers actively reward you for the security basics.

Multi-factor authentication, endpoint protection, and offline backups can knock 20-40% off your premium.

So the same things that protect your business from attack also make insurance affordable. If you've never quoted cyber insurance, it's worth 30 minutes to get a baseline.

If you are in the market for a cyber insurance policy or want to determine whether your security posture aligns with your current policy, we are happy to offer a free consultation.

THE GADGET OF THE MONTH

Cloud Server

The Synology BeeStation is a plug-and-play personal cloud server about the size of a router.

Plug it in, set up an account, and your whole team gets private storage they can use through phone, desktop, and web apps that work just like the services you're paying for now.

The 4TB version runs around $300 (no monthly fees), and because the files live on a device in your office (not on someone else's server), you stop trusting sensitive client data to a third party.

It pays for itself inside the first year for most small teams, and faster if you've got more than a few users.

THE BOOK OF THE MONTH

The Hard Thing

If you've ever felt like every business book skips the part where running a company breaks you a little, The Hard Thing About Hard Things is the book to read.

Ben Horowitz (cofounder of Andreessen Horowitz, one of Silicon Valley's biggest venture firms) wrote it after running a company that came within 30 days of bankruptcy more than once.

The whole book is built around the moments business books usually skip. Firing a friend, laying off half your team, calling an investor with bad news, keeping your head when everything is on fire at the same time.

It's not a feel-good book. It's the one you'll wish you'd read before your hardest week as an owner.

BackRub

DID YOU KNOW?

When the founders of Google built their search engine in 1996 as a Stanford project, they named it BackRub because it analyzed the web's "back links."

Thanks for reading!

The Transcend Networks team and I put this newsletter together to share tech advice that’s actually useful, and (hopefully) even fun to read 🙂

When we’re not writing these, we’re helping businesses like yours become more secure and stay productive without all the tech headaches.

If you ever need a professional opinion on anything IT-related, simply hit reply and let me know.

We're here to help 🙂

Leave a Comment