QR Code Phishing Emails Surge Globally - IT News Africa

Share your love Attackers use QR codes in emails more frequently because they provide a simple and cost-effective way to conceal malicious URLs, evading detection by many protective solutions. Global cybersecurity and digital privacy company Kaspersky has reported a spike in phishing emails containing malicious QR codes. Detections for these jumped from 46,969 in August 2025 to 249,723 in November 2025. That’s more than fivefold growth, as cybercriminals increasingly exploit QR codes, a trend that will likely continue in 2026. QR codes are often tucked right into email bodies or, more often, hidden in PDF attachments, a tactic that both disguises phishing links and nudges people to scan them on their phones, which might have weaker security than their work computers. Links embedded within them may lead to: Phishing forms impersonating login pages for services like Microsoft accounts or internal corporate portals, designed to steal usernames, passwords, and other credentials. Fake HR notifications urging employees to review or sign documents, such as vacation schedules, or even view lists of terminated staff, ultimately directing to credential-stealing sites. Fraudulent invoices or purchase confirmations in PDF attachments, often combined with vishing (voice phishing) tactics that prompt victims to call provided phone numbers to “cancel” or clarify the transaction, enabling further social engineering attacks. These tactics exploit trust in routine business communications, leading to credential theft, account takeovers, data breaches, and financial fraud. “Malicious QR codes have evolved into one of the most effective phishing tools, particularly when hidden in PDF attachments or disguised as legitimate business communications like HR updates. The explosive growth in November 2025 highlights how attackers are capitalizing on this low-cost evasion technique to target employees on mobile devices, where protection is often minimal. Without advanced image analysis at the email gateway and safe scanning practices, organizations are left vulnerable to credential compromise and downstream breaches,” comments Roman Dedenok, Anti-Spam Expert at Kaspersky. Related Posts Vodacom and Amazon SA Launch First-of-Its-Kind Partnership in South Africa June 26, 2026 Mastercard Launches Priceless Africa June 25, 2026 LIFT Expands Payment Options with Apple Pay, Google Pay & Crypto June 24, 2026