The Attacker's Playbook: A Technical Analysis of Quishing and Encrypted SVG Payloads Used in HR Impersonation Phishing Attacks
KnowBe4, Thursday, August 21st, 2025
In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we're going under the hood to answer the critical question: How do these attacks technically bypass security defenses?
Analysis by our Threat Lab team shows these attacks are increasing in sophistication, with cybercriminals deploying sophisticated, multi-layered methodologies designed to evade native security and secure email gateways (SEGs). Here we provide technical analysis of two techniques: QR code phishing (quishing) and encrypted payload delivery.