Malicious QR codes concealed in PDF attachments of emails are increasingly being used in 'qishing' attacks by hackers.
The digital landscape is continually evolving, and so are the tactics employed by cybercriminals. The latest trend in phishing attacks, known as "quishing," is gaining traction, with malicious QR codes embedded in PDF documents posing a significant threat to small and medium-sized businesses (SMBs).
According to recent reports, over 1.7 million unique malicious QR codes were detected in emails worldwide, with millions of emails containing QR codes daily that direct victims to phishing or malware sites. One notable evolution is the embedding of malicious QR codes inside PDF documents attached to phishing emails. Barracuda Networks, for instance, discovered around half a million emails containing phishing QR codes within PDFs between June and September 2024.
These attacks are designed to steal login credentials and other sensitive information, with nearly 90% of QR code attacks targeting this data. The convenience and trust users place in QR codes make them an effective vector for cybercriminals. Since QR codes hide their destination URLs visually, victims often fail to verify the URLs before scanning, making it easier for attackers to execute their malicious intentions.
The attacks have regional preferences, with Asia-Pacific targeting banks, Europe targeting payment processors and government services, and North America targeting enterprise cloud services and financial platforms. This suggests that the attacks are tailored to specific industries and geographic locations, increasing the risk for SMBs.
SMBs are particularly vulnerable due to limited security resources and awareness gaps. They may be more trusting of seemingly legitimate QR codes in everyday workflows and less prepared for this evolving threat. With quishing attacks bypassing traditional email filters and integrating into documents that employees frequently interact with, SMBs become easy victims of credential theft, financial fraud, and malware infections.
To mitigate this threat, it is recommended that businesses update their phishing awareness programs to explicitly cover QR code scams, educate staff to preview QR destinations before scanning, discourage blind scanning of QR codes from unknown sources, deploy secure QR code readers that validate URLs, and conduct simulated quishing attacks as part of security training.
In conclusion, quishing attacks using malicious QR codes in PDFs are a growing and evolving cyber threat that leverages the trust and convenience of QR codes to bypass traditional defenses and target sensitive data. SMBs face particular risk due to limited security resources and awareness gaps, making enhanced training and technical controls essential to mitigate this threat.
Cybersecurity experts are urging small and medium-sized businesses (SMBs) to reinforce their cybersecurity measures, given the increasing trend of quishing attacks that use malicious QR codes within PDF documents. These attacks, often targeting login credentials and sensitive financial information, are especially dangerous because they frequently bypass traditional email filters and take advantage of the trust users put in QR codes. Therefore, it's crucial for SMBs to equip themselves with technology that validates URLs before scanning QR codes, in addition to providing staff with cybersecurity education and simulated quishing attack training.
