Phishing attacks using QR codes rose more than fivefold in late 2025, according to Kaspersky, with detections climbing from 46,969 in August to 249,723 in November. The company said cybercriminals are increasingly embedding malicious QR codes in emails and PDF attachments to trick consumers into scanning them on mobile phones, where protections are weaker than on workplace computers.
Once scanned, the codes often redirect users to fake login pages that imitate services such as Microsoft accounts or online portals and are designed to steal usernames and passwords. Some campaigns mimic purchase confirmations or invoices, while others combine QR phishing with phone calls urging victims to “cancel” transactions, enabling further fraud.
Kaspersky’s Roman Dedenok said the explosive growth in November shows attackers are capitalizing on QR codes as a low-cost evasion technique. He warned that without safe scanning practices and advanced detection tools, consumers remain at risk of credential theft, account compromise, and financial loss.
The company advises users to avoid scanning QR codes from unsolicited emails and to rely on trusted security solutions that can detect hidden phishing links.

