Cybersecurity firm Kaspersky has reported a sharp increase in phishing attacks using malicious QR codes, raising concerns for both businesses and individual users.

During the second half of 2025, detections of such attacks jumped from 46,969 in August to 249,723 in November, a more than fivefold increase. Attackers increasingly embed QR codes directly in emails or, more often, within attached PDF files.

QR codes are favored by cybercriminals because they can conceal harmful links while bypassing many security filters. Users scanning the codes with mobile devices—which often have weaker security than corporate systems—are at particular risk.

Malicious QR codes are deployed in both mass phishing campaigns and targeted attacks. They may direct users to:

  • Fake login pages mimicking services like Microsoft or internal company platforms to steal usernames, passwords, and other credentials.
  • Fraudulent HR notifications prompting employees to check or sign documents, sometimes pretending to show lists of dismissed staff, leading to credential theft.
  • Counterfeit invoices or purchase confirmations in PDFs, often paired with vishing tactics, coaxing victims to call phone numbers that facilitate further social engineering attacks.

Roman Dedenok, Kaspersky’s Anti-Spam specialist, notes: “Malicious QR codes have become one of the most effective phishing tools, particularly when hidden in PDF attachments or disguised as legitimate corporate communications.”

Experts warn that without advanced image analysis on email servers and secure scanning practices, organizations remain highly vulnerable to credential theft, data breaches, and financial fraud.