Phishing attacks using malicious QR codes increased sharply in the second half of 2025, rising more than fivefold as cybercriminals adopted new methods to bypass traditional security systems, according to a report by Kaspersky.
The cybersecurity firm said detections of phishing emails containing harmful QR codes jumped from 46,969 in August to 249,723 in November, showing a dramatic surge within just three months. Experts say attackers are increasingly relying on QR codes because they are cheap, easy to use, and harder for many security tools to detect.
According to Kaspersky, QR codes are often placed directly inside email messages or hidden within PDF attachments. This tactic conceals malicious links and encourages users to scan the codes using their mobile phones, which often lack the same level of security as office computers.
Also Read: Top Archaeological Sites in Taxila You Can Visit in One Day
The company noted that malicious QR codes are being used in both large-scale phishing campaigns and targeted attacks. Once scanned, these codes can redirect victims to fake login pages that mimic Microsoft accounts, internal company systems, or other trusted services, with the goal of stealing usernames, passwords, and sensitive data.
Common examples include fake HR emails asking employees to review documents, sign vacation schedules, or check lists of terminated staff. In other cases, attackers send fraudulent invoices or purchase confirmations in PDF files, sometimes combined with phone numbers to trick victims into calling and falling for further social engineering.
Roman Dedenok, an Anti-Spam Expert at Kaspersky, said malicious QR codes have become one of the most effective phishing tools this year, especially when disguised as routine business communication.
He warned that attackers are targeting employees on mobile devices, where protection is often weaker. Without advanced image analysis at email gateways and safe scanning practices, organizations remain vulnerable to credential theft and data breaches.
Kaspersky said the rise in QR code phishing reflects a shift in cybercrime tactics, as attackers exploit gaps in email and mobile security. The company advised organizations to strengthen email protection, educate employees about QR code risks, and verify unexpected messages before scanning any codes.
Security experts also urged individuals to be cautious when scanning QR codes received through emails or unknown sources, as these attacks can lead to account takeovers, financial fraud, and wider data compromises.
