QR code phishing attacks, known as “quishing,” are on the rise, posing a significant cybersecurity threat in 2025.
Story Highlights
- Quishing attacks surged to 51% of phishing campaigns in September 2023.
- Cybercriminals use QR codes to evade traditional email security.
- High-value sectors like energy and finance are prime targets.
- Detection rates are low, leading to costly breaches.
Escalation of Quishing Attacks
Since mid-2023, quishing attacks have rapidly increased, exploiting the widespread use of QR codes in business and consumer contexts. These attacks, which redirect users to malicious websites via QR codes, have escalated to account for significant portions of phishing campaigns, with projections indicating further growth in 2025. Cybercriminals bypass traditional email security by embedding harmful QR codes in PDFs and JPEGs, targeting industries such as energy, manufacturing, and finance.
The adoption of QR codes during the COVID-19 pandemic for contactless transactions has led to their increased usage, making them an attractive target for cybercriminals. Initially developed for inventory tracking, QR codes are now embedded in emails and physical locations, providing attackers with a versatile tool to bypass technical defenses.
Impact on High-Value Sectors
The energy, manufacturing, insurance, technology, and finance sectors are particularly vulnerable to quishing attacks due to their high-value assets and reliance on digital-first interactions. The low detection rate of these attacks — only 36% are identified by recipients — exacerbates the risk, leading to potential data breaches and financial losses. The average cost of a QR code phishing breach ranges from $4.45 million to $4.9 million.
Security vendors have been prompted to innovate in response to these threats, developing new tools and guidelines to help organizations safeguard against quishing. Despite these efforts, the underreporting and underdetection of incidents remain significant challenges.
Call for Enhanced Security Measures
Experts emphasize the urgent need for increased user education on the risks associated with QR codes. Cybersecurity firms are advising organizations to implement multi-factor authentication and zero-trust approaches to mitigate these risks. Regulatory bodies may also introduce new compliance requirements to address the evolving threat landscape. As QR code usage continues to grow, maintaining vigilance and adopting robust security measures are crucial to protecting against these sophisticated phishing tactics.
QR code scams rise as 73% of Americans scan without checking https://t.co/TWFv3cCOMU
— My News By You (@Anessoft3575) August 7, 2025
Quishing attacks illustrate the dynamic nature of cyber threats, underscoring the need for continuous adaptation in cybersecurity practices. As attackers exploit new vulnerabilities, organizations must remain proactive in their defense strategies to safeguard sensitive information and maintain trust in digital interactions.
Sources:
2024 QR Code Phishing Trends: In-Depth Analysis of Rising Quishing Statistics
