
QR code phishing attacks surged dramatically in the second half of 2025, with cybercriminals increasingly using malicious QR codes to bypass email security systems, according to a new cybersecurity report.
QR-Based Phishing Sees Explosive Growth
Data from Kaspersky shows that the volume of phishing emails containing malicious QR codes rose sharply within just three months. In August 2025, security systems detected around 46,969 such emails. By November, this number had skyrocketed to 249,723, a more than fivefold increase.
Experts say QR codes have become an attractive tool for cybercriminals because they allow malicious links to remain hidden from many email scanners. Since QR codes are images rather than clickable text links, they often evade standard detection methods used by email security solutions.
PDFs and Emails Used to Trap Victims
Most malicious QR codes are now being embedded directly into email messages or placed inside PDF attachments. This method not only conceals the phishing link but also encourages users to scan the code using their smartphones. Security researchers warn that mobile devices often have weaker protection than office computers, making them an easy target.
These attacks appear in both large-scale phishing campaigns and highly targeted attacks. Once scanned, the QR code can redirect victims to fake login pages that mimic well-known services such as Microsoft accounts, internal company portals, or cloud platforms. The goal is to steal usernames, passwords, and sensitive corporate credentials.
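The delivery pattern described above (a message whose only "link" is a picture or a PDF) can be singled out at the mail gateway and handed to an image-analysis or QR-decoding stage. The sketch below is an example added here, not code from Kaspersky or the report; the function name `triage`, the two regular expressions and the sample message are assumptions made for illustration, and the code does not decode QR codes itself.

```python
import re
from email import message_from_string, policy

# Hypothetical heuristics for this example; tune them for your own mail flow.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
LURE_RE = re.compile(r"\b(scan|qr)\b", re.I)

# Constructed sample message, not taken from a real campaign.
SAMPLE_EML = """\
From: hr@example.com
Subject: Updated vacation schedule
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please scan the QR code in the attached document to review the schedule.

--b1
Content-Type: application/pdf; name="schedule.pdf"
Content-Disposition: attachment; filename="schedule.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK

--b1--
"""

def triage(raw):
    """Decide whether a message should be routed to QR/image analysis."""
    msg = message_from_string(raw, policy=policy.default)
    texts, carriers = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        if ctype in ("text/plain", "text/html") and not part.is_attachment():
            texts.append(part.get_content())  # decoded body text
        elif ctype == "application/pdf" or part.get_content_maintype() == "image":
            carriers.append(ctype)  # parts that can hide a QR code
    body = "\n".join(texts)
    urls = URL_RE.findall(body)
    lure = bool(LURE_RE.search(body))
    # A link scanner sees nothing useful when the only "link" is a picture.
    route = bool(carriers) and (lure or not urls)
    return {"carriers": carriers, "urls": urls, "lure": lure,
            "needs_image_analysis": route}
```

Calling `triage(SAMPLE_EML)` flags the constructed HR-style message for image analysis, while a plain-text message with an ordinary link and no image or PDF part is left to the normal link scanner.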
Fake HR Notices and Invoices Fuel Attacks
One common tactic involves fake HR emails asking employees to review documents such as updated policies, vacation schedules, or lists of terminated staff. Victims who scan the QR code are unknowingly redirected to credential-harvesting websites.
Another growing trend includes fraudulent invoices or purchase confirmations sent as PDF files. In some cases, these scams are combined with vishing tactics, where victims are urged to call a phone number to cancel a fake transaction. This allows attackers to further manipulate victims through social engineering.
Experts Warn of Serious Cyber Risks
Roman Dedenok, an Anti-Spam Expert at Kaspersky, warned that malicious QR codes have become one of the most effective phishing techniques of 2025. He noted that attackers are especially targeting employees who rely heavily on mobile devices for work-related emails.
According to Dedenok, the massive spike in November highlights how cybercriminals are exploiting low-cost and low-detection methods to compromise accounts. Without advanced image analysis and safe QR scanning practices, organizations face increased risks of data breaches and credential theft.
Mobile Devices Are the Weakest Link
Security analysts point out that smartphones and tablets are now prime targets because many organizations lack comprehensive security solutions for mobile devices. Unlike desktops, mobile platforms often do not have advanced threat detection tools, making QR-based phishing especially dangerous.
The rapid growth of QR phishing also signals a major shift in cybercriminal strategies, as attackers adapt to tighter controls around traditional phishing links.
How Organizations Can Stay Protected
To counter this rising threat, Kaspersky recommends deploying robust email security solutions such as Kaspersky Security for Mail Server, which can block spam, phishing, QR-based attacks, and business email compromise attempts.
Cybersecurity professionals also stress the importance of employee awareness training. Staff should be taught to verify unexpected QR codes before scanning them, particularly those received via email or from unknown sources. Clear internal procedures for reporting suspicious messages can further reduce risk.
As QR codes continue to be widely used in everyday business communication, experts warn that caution and education remain the strongest defenses against this rapidly growing cyber threat.