Hackers are using QR codes in emails more frequently because they provide a simple and cost-effective way to conceal malicious URLs, global cybersecurity firm Kaspersky says.
- •The firm's detections of malicious QR codes jumped from 46,969 in August 2025 to 249,723 in November 2025 – a more than fivefold growth – as cybercriminals increasingly exploit QR codes, a trend that will likely continue in 2026
- •These QR codes are often embedded directly in email bodies or, even more commonly, within PDF attachments – an evolution that both masks phishing links and encourages users to scan them on mobile phones, which may have weaker security than work PCs.
- •Links embedded in malicious QR codes may lead to phishing forms impersonating trusted services, or to fraudulent invoices or purchase confirmations in PDF attachments, or fake HR notifications urging employees to review or sign documents.
"The explosive growth in November 2025 highlights how attackers are capitalising on this low-cost evasion technique to target employees on mobile devices, where protection is often minimal," Roman Dedenok, Anti-Spam Expert at Kaspersky says.
