Barracuda’s threat intelligence team has uncovered over half a million phishing emails in the last three months using a new tactic—embedding QR codes in PDF attachments.
This type of attack, known as QR code phishing or quishing, tricks victims into scanning QR codes with their mobile phones, which then direct them to malicious websites designed to steal sensitive information, such as login credentials or financial data.
This marks a shift from traditional phishing methods, where QR codes were placed directly in email bodies.
“Cybercriminals are constantly refining their phishing techniques to make attacks appear more legitimate and convincing to the unsuspecting victim, with the use of QR codes in PDF documents being one of many tactics we’re closely tracking,” says Adam Khan, VP Global Security Operations, Barracuda.
{loadposition peter}
“These attacks can easily evade traditional email filters, making them difficult to detect.
“Organisations must adopt multilayered email security with advanced AI that analyses not just links and attachments, but also potential impersonation attempts within attachments.
“ Educating users about the risks of scanning QR codes from unknown or questionable sources is essential. Additionally, ensuring that spam and malware filters are properly configured, conducting regular health checks on email gateway settings, and enabling multi-factor authentication will significantly enhance overall protection.”
For more information go to Barracuda’s full report