Cybersecurity experts at Kaspersky have flagged a dramatic rise in phishing emails using malicious QR codes, with detections skyrocketing from 46,969 in August to 249,723 in November, a more than fivefold increase.
Attackers are increasingly turning to QR codes because they conceal harmful URLs while evading many traditional security solutions. The codes are typically embedded directly in emails or, more often, inside PDF attachments, luring users to scan them on mobile devices, which generally have weaker defences than corporate PCs.
“These QR codes have become one of the most effective phishing tools this year. The explosive growth in November shows how cybercriminals exploit this low-cost technique to target employees on mobile devices, where protection is often minimal,” said Roman Dedenok, Kaspersky Anti-Spam Expert.
He shared that malicious QR codes are used in both mass and targeted campaigns, and that they often lead to phishing forms impersonating Microsoft accounts or internal portals to steal usernames, passwords and other credentials; fake HR notices, such as vacation schedules or lists of terminated staff, that trick employees into entering their login details; and fraudulent invoices or purchase confirmations, sometimes combined with vishing calls, to extract sensitive information or manipulate victims further.
“The tactics exploit the trust employees place in routine business communications, increasing the risk of credential theft, account takeovers, data breaches and financial fraud,” Dedenok said.
As such, he urges organisations to deploy advanced mail server security solutions capable of filtering spam, blocking email-borne infections and detecting QR code phishing attacks, alongside safe scanning practices to mitigate this evolving threat.
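As an added example (not Kaspersky's code or anything from the article), here is a mail-gateway heuristic for the attachment-borne QR lures described above: it pulls image and PDF parts out of a message, runs an injected QR decoder over them, and blocks when a decoded URL lands outside the corporate allowlist, while lure wording alone is only queued for review. The allowlist, the lure regex, the sample HR-notice message and the stand-in decoder are all assumptions or constructed inputs; a real deployment would inject pyzbar or ZXing as the decoder.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import urlparse

ALLOWED_HOSTS = {"login.microsoftonline.com", "intranet.example.com"}  # assumed corporate allowlist
QR_CARRIERS = {"image/png", "image/jpeg", "image/gif", "application/pdf"}  # where the article says QR codes sit
SCAN_LURE = re.compile(r"\bscan (?:the|this) (?:qr|code)\b", re.I)  # assumed lure phrasing

def extract_carriers(raw: bytes):
    """Return (content_type, payload) for every MIME part that could carry a QR code."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [(p.get_content_type(), p.get_payload(decode=True))
            for p in msg.walk() if p.get_content_type() in QR_CARRIERS]

def url_is_suspicious(url: str) -> bool:
    """True for non-HTTP schemes, userinfo tricks, raw IP hosts, or hosts off the allowlist."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    if u.scheme not in ("http", "https") or u.username or re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        return True
    return host not in ALLOWED_HOSTS

def assess(raw: bytes, decode_qr):
    """Return (verdict, reasons); decode_qr(ctype, data) -> list[str] is injected (pyzbar/ZXing in production)."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    urls = [u for ctype, data in extract_carriers(raw) for u in decode_qr(ctype, data)]
    reasons = [f"qr-url-offlist:{u}" for u in urls if url_is_suspicious(u)]
    bad = bool(reasons)  # an off-list QR destination alone is enough to block
    if SCAN_LURE.search(text):
        reasons.append("scan-lure-wording")  # lure wording without a QR is only worth review
    return ("block" if bad else "review" if reasons else "allow"), reasons

def build_sample() -> bytes:
    """Constructed lure in the fake-HR-notice style the article describes (not a real sample)."""
    m = EmailMessage()
    m["From"], m["Subject"] = "hr@example.com", "Updated vacation schedule"
    m.set_content("Please scan the QR code in the attached PDF to confirm your leave dates.")
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="schedule.pdf")
    return m.as_bytes()

def demo_decoder(ctype, data):
    """Constructed stand-in for a real decoder: reports one off-list URL inside the PDF part."""
    return ["https://login-verify.example.net/microsoft"] if ctype == "application/pdf" else []
```

Calling `assess(build_sample(), demo_decoder)` yields a `block` verdict with both the off-list URL and the lure wording as reasons; the same message with a decoder that finds nothing drops to `review`.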