← All stories
● Covered by 1 source Β· 1 reportMedium impact

QR Code Phishing (Quishing) Threats on the Rise, Bypassing MFA

Aggregated by BrevFeed security Β· updated 4h ago
πŸ”– Save

QR code phishing, or 'quishing,' is increasingly used to bypass multi-factor authentication and steal data. With a reported 25% year-over-year increase, these scams often disguise malicious links in QR codes found in emails, attachments, or physical settings, raising concerns about security.

Key points

Emerging Threat of Quishing

Quishing is a new phishing method that utilizes QR codes to bypass traditional phishing filters. Attackers embed malicious links in these codes, enticing victims to scan them through deceptive messages often featuring urgency or rewards.

Dangers of Quishing

Once a victim scans the QR code, they can be redirected to fraudulent sites designed to capture sensitive information or compromise their accounts. The schemes often mimic messages from legitimate sources such as banks or social media platforms.

Current Trends in QR Phishing

According to Hoxhunt's 2026 Phishing Trends Report, while basic QR-code phishing via email is declining, it has transitioned into attachments like malicious PDFs. This shift highlights a concerning trend, as traditional methods are being replaced by more sophisticated tactics.

Wider Implications and Prevention

Quishing poses a significant threat, as it can occur in both digital and physical contexts, with QR codes found on fake business cards and posters. Users are advised to remain cautious when scanning QR codes and to verify the sources of unsolicited messages.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β€” check the original sources. How BrevFeed works β†’

Primary sources

GitHub uuidjs/uuid

Reporting from

QR code phishing, or 'quishing,' is increasingly used to bypass multi-factor authentication and steal data. With a reported 25% year-over-year increase, these scams often disguise malicious links in QR codes found in emails, attachments, or physical settings, raising concerns about security.