Phishing attacks using malicious QR codes surged more than fivefold in the second half of 2025 as cybercriminals increasingly exploit the technology to evade security detection, according to Kaspersky.
Detections of phishing emails containing malicious QR codes jumped from 46,969 in August to 249,723 in November, representing a dramatic increase in just three months.
Attackers use QR codes in emails more frequently because they provide a simple and cost-effective way to conceal malicious URLs, evading detection by many protective solutions, the cybersecurity firm said.
These QR codes are often embedded directly in email bodies or, more commonly, within PDF attachments. This evolution both masks phishing links and encourages users to scan them on mobile phones, which may have weaker security than work computers.
Malicious QR codes commonly appear in mass phishing campaigns as well as targeted ones. Links embedded within them may lead to phishing forms impersonating login pages for services like Microsoft accounts or internal corporate portals, designed to steal usernames, passwords and other credentials.
Fake HR notifications urging employees to review or sign documents, such as vacation schedules, or even view lists of terminated staff, ultimately direct users to credential stealing sites.
Fraudulent invoices or purchase confirmations in PDF attachments are often combined with vishing tactics that prompt victims to call provided phone numbers to cancel or clarify the transaction, enabling further social engineering attacks.
These tactics exploit trust in routine business communications, leading to credential theft, account takeovers, data breaches and financial fraud, Kaspersky warned.
Roman Dedenok, Anti Spam Expert at Kaspersky, said malicious QR codes have evolved into one of the most effective phishing tools this year, particularly when hidden in PDF attachments or disguised as legitimate business communications.
“The explosive growth in November highlights how attackers are capitalizing on this low cost evasion technique to target employees on mobile devices, where protection is often minimal. Without advanced image analysis at the email gateway and safe scanning practices, organizations are left vulnerable to credential compromise and downstream breaches,” Dedenok commented.
The surge in QR code phishing represents a significant shift in cybercriminal tactics as traditional email security measures struggle to detect threats embedded within images and PDF files.
Mobile devices have become a prime target because many organizations lack comprehensive security solutions for smartphones and tablets compared to desktop computers.
To defend against this escalating threat, Kaspersky recommends deploying a mail server security solution such as Kaspersky Security for Mail Server that provides trusted and secure corporate email exchange.
The solution counters spam, email-borne infections, all forms of phishing, business email compromise, QR code attacks and other threats, the company said. Security experts advise employees to verify the authenticity of unexpected QR codes before scanning them, especially those received via email or from unfamiliar sources.
Organizations should implement comprehensive security awareness training to educate staff about the risks of QR code phishing and establish clear protocols for handling suspicious communications.
Subscribe To Get Update Latest Blog Post
No Credit Card Required
You May Also Like
Pakistan Rang is a leading Digital Media Publisher delivering cutting-edge content across news, entertainment, education, healthcare, lifestyle, Sports, and technology. Our platform engages millions with timely stories and insightful analysis. Committed to quality journalism and innovation, we connect audiences with the information they need and the stories that inspire and inform.
