Fivefold surge in QR code phishing attacks
Cybersecurity firm Kaspersky has reported a sharp rise in phishing emails containing malicious QR codes, warning that the trend is likely to continue into 2026.According to the company, detections of phishing emails with QR codes increased more than fivefold, from 46 969 in August 2025 to 249 723 in November 2025. Cybercriminals are increasingly exploiting QR codes as a low-cost and effective way to hide malicious links and evade traditional security controls.
Kaspersky said QR codes are often embedded directly in the body of emails or, more commonly, concealed within PDF attachments. This approach not only obscures the phishing link but also encourages recipients to scan the code on their mobile phones, which frequently have weaker security protections than workplace computers.
The company noted that malicious QR codes are being used in both large-scale phishing campaigns and targeted attacks. Once scanned, the embedded links may lead to phishing pages impersonating legitimate login portals, such as Microsoft accounts or internal corporate systems, with the aim of stealing usernames and passwords.
Other attacks include fake human resources notifications urging employees to review or sign documents, such as leave schedules or lists of terminated staff, which redirect victims to credential-harvesting websites. Fraudulent invoices or purchase confirmations sent as PDF attachments are also common, sometimes combined with voice phishing tactics that prompt victims to call a phone number to “cancel” or query a transaction, enabling further social engineering.
“These tactics exploit trust in routine business communications,” Kaspersky said, adding that successful attacks can result in credential theft, account takeovers, data breaches and financial fraud.
Roman Dedenok, an anti-spam expert at Kaspersky, said malicious QR codes have become one of the most effective phishing tools, particularly when disguised as legitimate business communications.
“The explosive growth seen in November 2025 shows how attackers are capitalising on this low-cost evasion technique to target employees on mobile devices, where protection is often minimal,” he said. “Without advanced image analysis at the email gateway and safe scanning practices, organisations remain vulnerable to credential compromise and downstream breaches.”
To counter the growing threat, Kaspersky recommends regular cybersecurity awareness training for employees and the deployment of dedicated email security solutions to protect corporate mail systems from spam, phishing, business email compromise and QR code-based attacks. - Distributed by APO Group on behalf of Kaspersky
