Tuesday, May 6, 2025
HomeCyber Security NewsHuge Surge in Hackers Exploiting QR code for Phishing Attacks

Huge Surge in Hackers Exploiting QR code for Phishing Attacks

Published on

SIEM as a Service

Follow Us on Google News

Phishing has been one of the primary methods threat actors use for impersonating individuals or brands with a sense of urgency that could result in private information being entered on a malicious URL.

Phishing has been set with several preventive measures that block any phishing email inside an organization.

However, with evolving technologies, threat actors have equipped themselves with the right tools that can help them evade any preventive mechanisms and prevent any individuals from giving up their confidential information. One of the latest techniques used by threat actors is Quishing or QR-based phishing

- Advertisement - Google News
Document
Live Account Takeover Attack Simulation

How do Hackers Bypass 2FA?

Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks .

QR-based Phishing Surges

There has been a big surge in Quishing attacks due to the evasion technique it offers and the success ratio. QRs have boomed in the last three years and are now used in several places, such as MFA, for viewing menus at restaurants, Wi-Fi password scanning, contactless payments, and several other purposes.

This makes QRs more dangerous than usual, as victims have low suspicions of malicious QR codes that can steal confidential information from the victim. Quishing is another important factor that makes it one of the biggest weapons in a threat actor’s arsenal.

When a user receives an email with a malicious QR, he/she scans the QR using their mobile phone, which brings them out of the organization’s security circle since no organization monitors personal mobile phones.

Scanning a malicious QR takes them to a malicious website that impersonates a Microsoft or Google login page, prompting them to enter their credential.

Since QRs have low suspicions among executives, users enter their credentials that provide the threat actor with a valid credential to an organization.

Malicious Quishing email (Source: Abnormal Security)
Malicious Quishing email (Source: Abnormal Security)

C-Suite Targeted High

Though any employee could be a target of a Quishing attack, researchers revealed that C-suite members such as chief executive officer (CEO), Chief financial officer (CFO), Chief operating officer (COO), and Chief information officer (CIO) were highly targeted due to the level of privilege and access they possess.

Quishing Attack ratio (Source: Abnormal Security)
Quishing Attack ratio (Source: Abnormal Security)

Non-C-Suite VIPs, such as executive vice presidents, senior vice presidents, and department heads, were also heavily targeted with Quishing attacks.

Suppose threat actors gain access to one of these high-level credentials. In that case, they can initiate an internal as well as an external fraudulent request that could target many employees inside an organization.

QR-based phishing attacks have been published by Abnormal Security, which provides detailed information about the attack vector, credential compromise, percentage ratio of targets, and other information.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI...

Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks

Microsoft’s cybersecurity research team has issued a stark warning about the risks of using...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion

UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider,...

Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware

Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800...

Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji

Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI...