Updated
Updated · ZDNet · Jul 13
QR Code Phishing Attacks Jump 25%, Bypassing MFA to Steal Data
Updated
Updated · ZDNet · Jul 13

QR Code Phishing Attacks Jump 25%, Bypassing MFA to Steal Data

3 articles · Updated · ZDNet · Jul 13

Summary

  • QR code phishing rose 25% year over year, with attackers increasingly hiding malicious codes in email attachments such as PDFs rather than plain email messages.
  • Those campaigns work by pushing victims from a scanned code to a cloned login page, where attackers capture credentials and session tokens to get around multi-factor authentication.
  • Microsoft Defender said QR-code lures grew from 10% to 30% of total phishing campaigns in recent months, while Google warned in June that quishing and adversary-in-the-middle attacks are replacing older email tactics.
  • Physical QR codes also pose risks—fake stickers, posters and business cards can send users to malicious sites—prompting advice to avoid scanning unexpected codes and instead open official apps or websites directly.

Insights

Why are top executives targeted 42 times more than employees by QR code phishing scams?
How is AI turning simple QR codes into the perfect weapon for undetectable cyberattacks?
As quishing bypasses standard security, is your MFA still enough to protect you?