A recent analysis found that QR code phishing, or “quishing,” surged 146% as attackers increasingly target mobile users to bypass traditional email and web security controls. By embedding malicious links inside QR codes, threat actors can redirect users to credential-harvesting sites, malware downloads, or fraudulent authentication pages that appear legitimate on smartphones. Because QR codes are commonly trusted and widely used for payments, logins, and business workflows, they provide attackers with an effective mobile-first phishing vector. The findings highlight how social-engineering campaigns are evolving toward mobile devices, reinforcing the need for user awareness, secure scanning practices, and continuous mobile threat monitoring.
Read the full report here.
