Saturday, May 24, 2025
HomeCyber Security NewsHuge Surge in Hackers Exploiting QR code for Phishing Attacks

Huge Surge in Hackers Exploiting QR code for Phishing Attacks

Published on

SIEM as a Service

Follow Us on Google News

Phishing has been one of the primary methods threat actors use for impersonating individuals or brands with a sense of urgency that could result in private information being entered on a malicious URL.

Phishing has been set with several preventive measures that block any phishing email inside an organization.

However, with evolving technologies, threat actors have equipped themselves with the right tools that can help them evade any preventive mechanisms and prevent any individuals from giving up their confidential information. One of the latest techniques used by threat actors is Quishing or QR-based phishing

- Advertisement - Google News
Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .

QR-based Phishing Surges

There has been a big surge in Quishing attacks due to the evasion technique it offers and the success ratio. QRs have boomed in the last three years and are now used in several places, such as MFA, for viewing menus at restaurants, Wi-Fi password scanning, contactless payments, and several other purposes.

This makes QRs more dangerous than usual, as victims have low suspicions of malicious QR codes that can steal confidential information from the victim. Quishing is another important factor that makes it one of the biggest weapons in a threat actor’s arsenal.

When a user receives an email with a malicious QR, he/she scans the QR using their mobile phone, which brings them out of the organization’s security circle since no organization monitors personal mobile phones.

Scanning a malicious QR takes them to a malicious website that impersonates a Microsoft or Google login page, prompting them to enter their credential.

Since QRs have low suspicions among executives, users enter their credentials that provide the threat actor with a valid credential to an organization.

Malicious Quishing email (Source: Abnormal Security)
Malicious Quishing email (Source: Abnormal Security)

C-Suite Targeted High

Though any employee could be a target of a Quishing attack, researchers revealed that C-suite members such as chief executive officer (CEO), Chief financial officer (CFO), Chief operating officer (COO), and Chief information officer (CIO) were highly targeted due to the level of privilege and access they possess.

Quishing Attack ratio (Source: Abnormal Security)
Quishing Attack ratio (Source: Abnormal Security)

Non-C-Suite VIPs, such as executive vice presidents, senior vice presidents, and department heads, were also heavily targeted with Quishing attacks.

Suppose threat actors gain access to one of these high-level credentials. In that case, they can initiate an internal as well as an external fraudulent request that could target many employees inside an organization.

QR-based phishing attacks have been published by Abnormal Security, which provides detailed information about the attack vector, credential compromise, percentage ratio of targets, and other information.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...