«
»

Here’s A New One For Me…. A Phishing Email That Uses QR Codes

I get phishing emails all the time. Such as my email address is about to be “deactivated” if I don’t re-authenticate to my server. Or I need to authenticate to my server to “keep my same password”. Since I run my own email server, I find these phishing attempts to be downright hysterical because there’s zero chance that they will work on me. But today I got this phishing attempt which is a bit more “interesting”, I got this email this morning:

Sidebar: Seeing as I am a company of two. The two being my wife and I, it’s funny that the threat actors think that we have an HR department. But I guess that a threat actor has to start someplace to try and phish you.

Now I obscured the QR code as I don’t want anyone scanning it. But in lieu of an attachment with a payload that executes on a target’s computer, or a link that the target clicks on, I got a QR code. Likely because it can evade spam filters and other security software or devices.

If you scan the QR code, which should be clear you should not scan the QR code if you get an email like this, it will take you to a phishing page that you are meant to enter your email address and your email password. This fits some other reports of this type of phishing that I have heard about. Here’s a quick list that I’ve posted on this blog in the past:

Fortra Discovers Sophisticated QR Code Phishing Campaign That Targets Office 365 Users

Abnormal Security Announces Enhanced Capabilities to Detect QR Code Attacks

C-Suite Receives 42x More QR Code Attacks Than Average Employee: Abnormal Security

New Report to Reveal QR Code Phishing Scams: Quishing You a Happy Holiday Season

INKY Discusses How Threat Actors Are Using QR Codes To Harvest Credentials

So what this means is that attacks like this one are becoming increasingly pervasive. Thus this is another attack vector that you need to be aware of to keep you and your organization safe.

This entry was posted on July 18, 2025 at 11:04 am and is filed under Commentary with tags . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “Here’s A New One For Me…. A Phishing Email That Uses QR Codes”

  1. David Miller Says:
    October 1, 2025 at 9:40 am

    The rise of QR code phishing really highlights how attackers are constantly adapting to bypass filters. It’s a reminder that one careless scan could lead to stolen credentials and, in turn, serious data breaches. From what I’ve seen working with a data breach law firm like https://mydatabreachattorney.com/, many incidents start with something as small as a phishing email, yet end up exposing sensitive information of thousands.

    Reply

Leave a Reply to David MillerCancel reply

Discover more from The IT Nerd

Subscribe now to keep reading and get access to the full archive.

Continue reading