QR Code Phishing Is Getting More Stealthy Fast
KnowBe4, Tuesday, April 8th, 2025
Attackers are using new tactics in QR code phishing (quishing) attacks, according to researchers at Palo Alto Networks' Unit 42.
Quishing attacks hide phishing URLs within QR codes, allowing them to more easily evade security filters and trick the user into opening the link on their phone.
'One tactic involves attackers concealing the final phishing destination using legitimate websites' redirection mechanisms,' Unit 42 says. 'Another tactic involves attackers adopting Cloudflare Turnstile for user verification, enabling them to evade security crawlers and convincingly redirect targets to a login page. We found that some of these phishing sites are specifically targeting the credentials of particular victims, suggesting pre-attack reconnaissance.'