Scammers Use May 15 HR Review Deadline to Steal Logins via QR Code Emails
Updated · Fox News · May 31
A phishing email posing as an HR performance review urges employees to scan a QR code before a May 15, 2026 deadline, steering them to fake login pages built to capture credentials.
The scam leans on classic warning signs: a sender domain unrelated to the claimed company, a generic greeting, vague references to a "secure HR access system," copied branding and a high-importance flag.
QR codes make the attack harder to spot because they shift users to phones, where links are less visible and desktop security tools may not inspect the destination before a page opens.
A successful scan can expose login details, trigger malware downloads or collect more personal data, potentially giving attackers access to company systems and email accounts for follow-on attacks.
The safest response is to avoid unexpected QR codes, use known HR portals or bookmarked URLs, confirm suspicious messages through official channels and enable protections such as software updates and two-factor authentication.
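The warning signs listed above (an unrelated sender domain, a generic greeting, a high-importance flag and a QR code delivered as an image) can be checked mechanically at a mail gateway or in a reported-phish triage script. The Python check below is an added example, not part of the original reporting; the sample message, its domains and the function name `phishing_signals` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message: the company, domains and addresses are made up.
SAMPLE = """\
From: "Example Corp HR" <reviews@hr-notice-mail.test>
To: employee@examplecorp.test
Subject: Action required: performance review due May 15
Importance: high
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Employee,
Scan the QR code to open the secure HR access system before the deadline.
--b1
Content-Type: image/png
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

def phishing_signals(raw, company_domains):
    """Return the warning signs found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not any(domain == d or domain.endswith("." + d) for d in company_domains):
        hits.append("sender_domain_mismatch")
    if msg.get("Importance", "").strip().lower() == "high":
        hits.append("high_importance_flag")
    text, has_image = "", False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain":
            text += part.get_payload(decode=True).decode("utf-8", "replace")
        elif ctype.startswith("image/"):
            has_image = True  # a QR code in an image hides the URL from link scanners
    if re.search(r"^\s*dear\s+(employee|user|colleague|team member)\b", text, re.I | re.M):
        hits.append("generic_greeting")
    if has_image and re.search(r"\bscan\b.*\bqr\b", text, re.I | re.S):
        hits.append("qr_code_in_image")
    return hits
```

Any single signal is weak on its own; the combination of all four on a message claiming to come from HR is what justifies quarantining it for review.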