Blaise Arbouet

November 23, 2023 · 1 min read

QR code phishing attacks on the rise

QR code phishing attacks on the rise

Phishing campaigns using malicious emails have traditionally been an effective vector for compromising organizational networks. As threat actors continually innovate their methods, QR code-based phishing — sometimes called "quishing" — has emerged as an increasingly prevalent tactic. Research from Hoxhunt indicates that 22% of phishing attacks in October 2023 used QR codes.

How QR code phishing works

The attack follows a multi-step process: attackers embed malicious QR codes within deceptive emails, directing users to fraudulent websites designed to harvest credentials or deploy malware.

Safety recommendations

  • Avoid scanning QR codes from unfamiliar senders.
  • Watch for phishing indicators, including artificial urgency, spelling errors, and suspicious sender addresses.
  • Verify URLs before visiting linked websites.
  • Never enter login credentials on a page reached via QR code — go directly to the legitimate company website or call the organization instead.
  • Treat abnormal-looking QR codes in public spaces with suspicion.
  • Exercise caution with QR codes received through social messaging platforms.
  • Use strong, unique passwords across accounts and keep software patched.