Phishing attacks are constantly evolving and becoming more sophisticated [2] [7], as cybercriminals employ new tactics to deceive victims into divulging sensitive information or installing malicious software [2] [7]. One of the latest trends in phishing involves the utilization of QR codes [2] [7], CAPTCHAs [2] [3] [5] [6] [7] [8], and steganography [2] [3] [5] [6] [7] [8].


QR codes have become a popular tool for cybercriminals to carry out phishing attacks [4], as they are easy to incorporate [4], difficult to detect [4], and can trick users into giving up their credentials [4]. In 2023, there has been a significant increase in QR code phishing campaigns [4], also known as quishing [1] [4]. Quishing works by encoding malicious links in QR codes [4], making it easier for employees to fall for the scam and harder for automated systems to detect [4].

Additionally, CAPTCHA-based attacks employ CAPTCHAs to mask credential-harvesting forms on fraudulent websites [5], making it difficult for automated security systems to detect these malicious activities [3]. These attackers create multiple domain names and implement CAPTCHAs to elude automated security systems [5].

Furthermore, steganography is employed to hide malicious code within various types of media [3], such as images or videos [5], embedded in phishing emails [5]. By clicking on a link or downloading an attachment [5], unsuspecting victims unknowingly infect their systems with malware [5].

From a defender’s perspective [4], the danger of malicious QR codes lies in both the human element and the machine element [4], requiring a combination of employee education and technological defenses [4]. QR code attacks often involve cross-device interactions [4], emphasizing the need for security and policy around such interactions [4]. Attackers may use AI to generate convincing quishing emails [4], and organizations should conduct simulated attacks to assess their response [4]. Multifactor authentication can help mitigate the impact of a successful QR code attack [4].

While most quishing campaigns have targeted consumers [4], it is expected to spread to enterprise and government targets [4]. It is crucial to comprehend these attack techniques and acquire the knowledge to detect and safeguard against them. To effectively detect and prevent these evolving phishing attacks [3], proactive measures are needed [3]. ANY.RUN [6] [8], a malware analysis sandbox [6] [8], can detect and analyze these phishing tactics [6].


QR code phishing [1] [4] [8], also known as quishing [1] [4], is a cyber threat that exploits the use of QR codes in our digital landscape [1]. Cybercriminals manipulate QR codes to deceive unsuspecting individuals [1], redirecting them to malicious websites or applications [1]. These counterfeit codes can lead to fake login pages [1], fraudulent transactions [1], or the installation of malware [1]. QR code phishing can manifest in various forms [1], embedded in posters [1], business cards [1], or email attachments [1]. Understanding this type of phishing is crucial for safeguarding oneself in the dynamic landscape of digital interactions [1].