QR Code Phishing Attacks Jump 25%, Bypassing MFA to Steal Data
Updated
Updated · ZDNet · Jul 13
QR Code Phishing Attacks Jump 25%, Bypassing MFA to Steal Data
3 articles · Updated · ZDNet · Jul 13
Summary
QR code phishing rose 25% year over year, with attackers increasingly hiding malicious codes in email attachments such as PDFs rather than plain email messages.
Those campaigns work by pushing victims from a scanned code to a cloned login page, where attackers capture credentials and session tokens to get around multi-factor authentication.
Microsoft Defender said QR-code lures grew from 10% to 30% of total phishing campaigns in recent months, while Google warned in June that quishing and adversary-in-the-middle attacks are replacing older email tactics.
Physical QR codes also pose risks—fake stickers, posters and business cards can send users to malicious sites—prompting advice to avoid scanning unexpected codes and instead open official apps or websites directly.