Kaspersky Reports Fivefold Surge in QR Code Phishing Attacks
Cybersecurity firm Kaspersky has detected a dramatic increase in QR code phishing attacks during the second half of 2025, with detections jumping from 46,969 in August to 249,723 in November. This fivefold growth demonstrates how cybercriminals are increasingly exploiting QR codes as an effective method to conceal malicious URLs and evade traditional security measures.
How QR Code Phishing Works
Attackers embed QR codes directly in email bodies or, more commonly, within PDF attachments. This approach serves a dual purpose: it masks phishing links from detection systems and encourages users to scan codes with mobile devices, which typically have weaker security than desktop computers.
The malicious QR codes appear in both mass phishing campaigns and targeted attacks, directing victims to various fraudulent destinations designed to steal sensitive information.
Common QR Code Attack Vectors
- Fake login pages impersonating Microsoft accounts or corporate portals to harvest usernames and passwords
- Fraudulent HR notifications prompting employees to review vacation schedules or terminated staff lists
- Fake invoices and purchase confirmations combined with voice phishing tactics that trick victims into calling provided phone numbers
These tactics exploit trust in routine business communications, leading to credential theft, account takeovers, data breaches, and financial fraud across organizations worldwide.
Malicious QR codes have evolved into one of the most effective phishing tools this year, particularly when hidden in PDF attachments or disguised as legitimate business communications.
Roman Dedenok, Anti-Spam Expert at Kaspersky
Security Recommendations and Solutions
To combat this growing threat, Kaspersky recommends deploying comprehensive mail server security solutions such as Kaspersky Security for Mail Server. These solutions provide advanced image analysis at email gateways and protect against spam, email-borne infections, phishing attempts, business email compromise, and QR code attacks.
Organizations must implement safe scanning practices and ensure mobile devices have adequate security measures, as the November surge highlights how attackers capitalize on mobile vulnerabilities to bypass traditional desktop protections.
