They bypass many legacy controls because those controls are built around visible URLs, file attachments, or text-based indicators. A QR code hides the destination inside an image, so the threat is not obvious until decoding occurs. That creates a visibility gap between message inspection and identity risk.
Why This Matters for Security Teams
QR code lures matter because they shift the payload out of the parts of email security that legacy controls inspect best. Many gateways still prioritise visible URLs, attachment types, and text-based indicators, but a QR code compresses the destination into an image that must be rendered or decoded before risk is visible. That creates a gap between message delivery and user action, which is exactly where credential theft and session hijacking begin.
This is not just a phishing variant. It is a control-evasion problem that exposes how much of email security still assumes the threat is readable at rest. As NHIMG notes in its 52 NHI Breaches Analysis, identity compromise often becomes visible only after access has already been abused. For QR-based attacks, the same pattern holds: the message looks inert until the endpoint, mobile camera, or browser interprets it. Current guidance from CISA cyber threat advisories supports treating delivery and identity validation as separate controls, not one control with different packaging.
In practice, many security teams encounter QR phishing only after a user has already authenticated to a spoofed site, rather than through intentional detection at the mail gateway.
How It Works in Practice
The core weakness is that many legacy controls look for indicators that do not survive image encoding. A QR code can contain a shortened link, a redirect chain, or a benign-looking landing page that resolves into a credential prompt after the scan. Some email filters will OCR text around the image, but the QR payload itself is often not decoded at inspection time, and even when it is, the destination may be hidden behind redirects or time-limited links.
That means defenders need layered inspection across the message, the device, and the destination. Current best practice is to combine mail filtering with image analysis, URL detonation, browser isolation, and identity-aware controls that verify the destination before login. For teams managing secrets and NHIs, the relevant lesson is that the attack frequently ends in token capture, API key theft, or session replay, not just a bad click. NHIMG’s Top 10 NHI Issues and Ultimate Guide to NHIs — Key Challenges and Risks both reinforce that identity exposure often happens through channels security tools do not treat as primary authentication surfaces.
- Scan QR images as part of message processing, not only visible hyperlinks.
- Block or warn on QR codes that lead to newly registered, redirected, or credential-collecting domains.
- Apply mobile and browser protections because QR attacks often land on unmanaged devices.
- Bind authentication to phishing-resistant methods where possible, so a scanned link cannot easily harvest reusable secrets.
External reporting such as the Anthropic report on AI-orchestrated cyber espionage and the MITRE ATLAS adversarial AI threat matrix also show how attackers increasingly chain low-friction delivery methods into credential abuse workflows. These controls tend to break down in mobile-heavy environments where users scan QR codes outside the managed browser path and the destination opens before any security layer can inspect the actual page content.
Common Variations and Edge Cases
Tighter QR inspection often increases user friction and mail-processing overhead, so organisations have to balance stronger detection against false positives and operational latency. That tradeoff is especially visible when legitimate business processes use QR codes for sign-in, event access, or document retrieval.
There is no universal standard for this yet, but current guidance suggests treating trusted QR usage as an exception path with strong governance rather than as a blanket allow. The hard cases are internal email threads, vendor invoices, and executive-targeted campaigns, where the message context looks trustworthy and the QR code is the only malicious element. Mobile email clients and personal devices are also common weak points because they bypass desktop security tooling, and image-based payloads can survive sanitisation unless the gateway explicitly decodes them.
NHIMG’s Ultimate Guide to NHIs — Why NHI Security Matters Now is a useful reminder that identity compromise now starts in many places besides classic login pages. The practical takeaway is to assume QR code attacks will evolve toward better branding, shorter dwell time, and more device-specific redirects, which makes static pattern matching less reliable over time.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10, OWASP Agentic AI Top 10 and CSA MAESTRO address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-01 | QR attacks often end in secret or token capture, a core NHI exposure path. |
| OWASP Agentic AI Top 10 | AIC-04 | Agentic workflows show how image-based delivery can trigger unsafe tool use. |
| CSA MAESTRO | IC-1 | Focuses on identity-centric controls needed when message payloads hide attack intent. |
| NIST AI RMF | Supports governance for unpredictable AI-assisted phishing and delivery abuse. |
Inventory and protect all secrets, then treat any credential exposed through QR phishing as compromised.
