Google’s fraud and scams advisory highlights adversary-in-the-middle (AITM) phishing and QR-code “quishing” tactics. These scams are designed to steer victims to malicious pages or intercept login activity.

Google’s latest U.S.-relevant fraud and scams advisory describes ongoing tactics that manipulate how people authenticate and where they click. One highlighted technique is adversary-in-the-middle (AITM) phishing, where attackers position themselves between a victim and a legitimate login flow to capture credentials or session information. Rather than simply tricking a user into typing a password into a look-alike site, AITM attacks can aim to intercept the authentication process in ways that make the deception harder to notice. Google also points to “quishing,” a portmanteau of “QR” and phishing. In these scams, victims are encouraged to scan a QR code that leads to a malicious destination—such as a spoofed login page or a site designed to capture information. The QR format can add legitimacy because it feels like a normal, convenient action rather than a direct link-click. The advisory situates these trends within broader adversary behavior, noting that scammers continuously refine delivery methods and lures to match user expectations. Google’s overall message is that link and code-based prompts—whether delivered by ads, messages, or impersonation attempts—should be treated as suspicious when they request credentials or push users toward urgent verification steps.