QR Code Phishing Surges Fivefold as Cybercriminals Target Mobile Users

Cybersecurity firm Kaspersky has warned of a sharp rise in phishing emails containing malicious QR codes, flagging the trend as one of the fastest-growing email-based threats heading into 2026.

According to Kaspersky data, detections of malicious QR codes jumped from 46,969 in August 2025 to 249,723 in November 2025—a more than fivefold increase in just three months. The surge highlights how cybercriminals are increasingly exploiting QR codes as a low-cost, high-impact method to bypass traditional email security controls.

Why QR Codes Are the New Phishing Weapon

Attackers are turning to QR codes because they allow malicious URLs to be hidden from standard link analysis tools used by many email gateways. These QR codes are typically embedded directly in email bodies or, more commonly, concealed within PDF attachments—a tactic that adds an extra layer of deception.

By prompting users to scan the codes with their smartphones, attackers also exploit a critical security gap: mobile devices often lack the same level of protection as corporate desktops or laptops.

“Malicious QR codes have evolved into one of the most effective phishing tools, particularly when hidden in PDF attachments or disguised as legitimate business communications like HR updates,” said Roman Dedenok, Anti-Spam Expert at Kaspersky. “The explosive growth in November 2025 shows how attackers are capitalising on this low-cost evasion technique to target employees on mobile devices.”

How the Attacks Work

Kaspersky researchers say malicious QR codes are now common in both mass phishing campaigns and highly targeted attacks. Once scanned, the embedded links may lead to:

• Fake login pages impersonating Microsoft accounts or internal corporate portals, designed to steal usernames and passwords

• Fraudulent HR notifications, urging employees to review documents such as leave schedules or termination lists, redirecting victims to credential-harvesting sites

• Bogus invoices or purchase confirmations embedded in PDFs, often paired with vishing tactics that prompt victims to call fake support numbers, enabling further social engineering

These methods exploit trust in routine workplace communications, often resulting in credential theft, account takeovers, data breaches, and financial fraud.

A Growing Risk for Organisations

Security experts warn that without advanced image analysis at the email gateway and stronger employee awareness, organisations remain vulnerable to QR-based attacks that can slip past traditional defences.

“Without safe scanning practices and modern detection capabilities, QR code phishing can easily lead to downstream breaches,” Dedenok added.

How to Stay Protected

To counter the rising threat, Kaspersky recommends a dual approach:

• Employee cybersecurity training, with specific guidance on QR code risks

• Deployment of dedicated email security solutions such as Kaspersky Security for Mail Server, which can detect and block spam, phishing, business email compromise (BEC), QR code attacks, and other email-borne threats

As QR codes become more deeply embedded in everyday business workflows, security teams are being urged to treat them not as convenience tools—but as potential attack vectors.