Kaspersky Finds Increase in False QR Code Phishing Attacks in 2025
JAKARTA - Kaspersky found a spike in phishing emails containing malicious QR codes in the second half of 2025. These emails jumped from 46,969 in August to 249,723 in November.
These QR codes are often embedded directly in the body of an email or, more commonly, in a PDF attachment, in order to disguise phishing links and encourage users to scan them on their phones.
The frequency of attackers using QR codes in emails is even more used, because the code provides a simple way to hide malicious URLs, so as to be able to avoid detection by many protection solutions.
Dangerous QR codes generally appear in mass and targeted phishing campaigns. The links embedded in them can lead to:
Phishing forms disguised as login pages for services such as Microsoft accounts or company internal portals, designed to steal usernames, passwords, and other credentials. Fake notifications claiming to be from the HR department that urge employees to review or sign documents, such as vacation schedules, or even view a list of dismissed staff, ultimately leading to a credential theft site. Fake invoices or purchase confirmations in PDF attachments, often combined with vishing (voice phishing) tactics that encourage victims to call the given phone number to "cancel" or clarify the transaction, thus enabling further social engineering attacks.This tactic exploits trust in routine business communications, leading to credential theft, account takeover, data breaches, and financial fraud.
To protect against this growing threat, Kaspersky recommends implementing an email server security solution that provides a trusted and secure corporate email exchange, counter spam, email infection, all forms of phishing, business email compromise (BEC), QR code attacks, and other threats.