Kaspersky has warned of a sharp rise in phishing emails using malicious QR codes, with detections jumping from 46,969 in August to 249,723 in November 2025. The surge reflects how attackers are increasingly disguising phishing links inside QR codes to bypass corporate email defenses.
The company said many campaigns now impersonate routine workplace communications, including HR notifications, vacation schedules, or staff updates. Employees scanning QR codes embedded in PDF attachments are redirected to fake login pages designed to steal corporate credentials. Fraudulent invoices and purchase confirmations are also being used, sometimes combined with voice phishing calls that trick victims into dialing phone numbers for “cancellations” or clarifications.
Roman Dedenok, Anti-Spam Expert at Kaspersky, noted that malicious QR codes have become one of the most effective phishing tools of the year, particularly when hidden in business-related documents. He said organizations without advanced image analysis at email gateways remain vulnerable to account takeovers and data breaches.
Kaspersky recommends deploying secure mail server solutions and promoting safe scanning practices to protect employees from credential theft and financial fraud.