QR code phishing incidents, also known as quishing [1], have increased notably as cyber-criminals exploit employees' use of personal devices that lack enterprise protection. This article examines the findings of ReliaQuest’s Threat Spotlight Report, which reveals a 51% surge in incidents in September compared to the previous eight months [1] [2]. Cybercrime forums have also shown heightened interest in this tactic [2], with users sharing links to QR code generators and articles on phishing techniques [1] [2].

Description

The report highlights four techniques fraudsters use to improve the success of their campaigns. Firstly, they pressure targets through phishing emails, creating a sense of urgency or fear to prompt action. Secondly, they masquerade as legitimate organizations [2], deceiving victims into sharing sensitive information. Thirdly, they hide QR codes in email attachments [2], tricking recipients into scanning them unknowingly. Lastly, they use domain redirection to send victims to malicious websites.

To address this growing trend, the report recommends several measures. Firstly, enhanced employee education is crucial to ensure individuals are aware of the risks associated with QR code phishing. Secondly, discouraging the scanning of QR codes on personal devices can help minimize the potential for exploitation. Lastly, implementing customized inbox rules and QR code-scanning apps can provide an additional layer of protection.
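As an added illustration of a customized inbox rule (not taken from the ReliaQuest report), the Python sketch below flags messages that pair an image or PDF part with a prompt to scan a code plus urgency language or the absence of any visible link. The phrase lists, the `hold_for_scan` decision and the sample messages are assumptions constructed for this example, and the attachment is never decoded; a held message would still need a QR scanner or an analyst.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed phrase lists; tune them against your own mail flow.
URGENCY = re.compile(r"\b(urgent|immediately|action required|suspended|expires? (today|soon))\b", re.I)
QR_PROMPT = re.compile(r"\b(qr code|scan (the|this) code)\b", re.I)
CARRIER_TYPES = {"image/png", "image/jpeg", "image/gif", "application/pdf"}

def triage(raw: bytes) -> dict:
    """Report which quishing indicators a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = f"{msg['Subject'] or ''} {body.get_content() if body else ''}"
    carriers = [p.get_content_type() for p in msg.walk()
                if p.get_content_type() in CARRIER_TYPES]
    hits = {
        "urgency": bool(URGENCY.search(text)),
        "qr_prompt": bool(QR_PROMPT.search(text)),
        "carrier_parts": carriers,
        "no_visible_link": not re.search(r"https?://", text, re.I),
    }
    # Hold only when a possible QR carrier is paired with a prompt to scan it
    # and at least one supporting signal; a lone image never triggers.
    hits["hold_for_scan"] = bool(carriers) and hits["qr_prompt"] and (
        hits["urgency"] or hits["no_visible_link"])
    return hits

def sample(subject: str, text: str, attach: bool) -> bytes:
    """Build a constructed test message; the attachment bytes are a placeholder."""
    m = EmailMessage()
    m["From"] = "it-support@example.test"
    m["To"] = "user@example.test"
    m["Subject"] = subject
    m.set_content(text)
    if attach:
        m.add_attachment(b"\x89PNG placeholder", maintype="image",
                         subtype="png", filename="notice.png")
    return m.as_bytes()

SUSPECT = sample("Action required: MFA enrollment",
                 "Your access will be suspended. Scan the code in the attachment.", True)
BENIGN = sample("Team photo", "Photo from the offsite is attached.", True)

if __name__ == "__main__":
    for name, raw in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(raw))
```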

Conclusion

The rise in QR code phishing incidents poses significant threats to individuals and organizations alike. It is imperative to take proactive steps to mitigate these risks. By prioritizing employee education, discouraging the use of personal devices for scanning QR codes, and implementing additional security measures, organizations can enhance their defenses against this growing trend. Failure to address this issue may result in severe consequences, including financial losses and reputational damage. As cyber-criminals continue to evolve their tactics, it is crucial to remain vigilant and adapt security measures accordingly.

References

[1] https://www.infosecurity-magazine.com/news/quishing-campaigns-spike-50-in/
[2] https://ciso2ciso.com/quishing-campaigns-spike-50-in-september-source-www-infosecurity-magazine-com/