The Dark Side of QR Codes: How a Simple Convenience Became a Risk

Article Written by: Chintana Bhaskara

Article Designed by: Chintana Bhaskara and Natasha Gumpula

A Convenience Turned Into a Trap

One scan is all it takes. A quick snap on your phone camera of a QR code at a public parking lot, in an email, on a poster, and now you’ve just

given hackers all your personal data. Something that was created for the convenience of people has become one of the easiest traps that people fall into all the time. QR codes were built for the convenience of our people for quick access, fast payments, and effortless connections, but it has now turned into our greatest weakness.

From a Tool to a Trap

The function of QR codes was to make it easier for people to access sites, make online transactions, join groups, and much more. However, this same tool that simplified our lives also made our lives much more risky from the twists of cybercriminals. According to Check Point Research, between 2021 and 2024 there has been an increase of 900% in QR code phishing attacks. Unlike regular links, a QR code doesn’t show where it is taking you beforehand, this is what attackers use to get people into these harmful sites. Cybersecurity experts warn people that these scams spread very quickly as cybercriminals are able to bypass traditional filters and security checks.

The Rise of the Silent Square

The danger doesn’t stop at your inbox, fake QR codes are being shown up in public spaces: blended into posters, payment machines, or even p

arking meters. This uprising of a new form of attack that is quite impossible to tell the difference has allowed cybercriminals to now target people physically too.

What started as a small unharmful trick has now become one of the easiest and globally used phishing attack methods. Reported by KeepN

et Labs, 22% of phishing attacks in the year 2023 included QR codes. In addition, Check Point Research found that more than 10% of phishing emails now include the use of QR codes. This allows for attackers to have another tool in their hands and trick unsuspecting victims.

Targeting the Big Fish

Hackers aren’t just going everywhere and anywhere, they go big or they go home, like people and industries with valuable data. The specific people they go for are executives and senior employees who have the pincodes and access to this sensitive information, making them attackers primary target. According to Recorded Future in late 2024, executives received 42 times more QR codes than any other regular employees. Industries like energy, finance, and manufacturing have been targeted heavily. KeepNet Labs notes that the energy sector of industry alone accounted for about 29% of QR code phishing attacks. While everyday people can be tricked into scanning malicious QR codes posted in public places, cybercriminals have targeted high-value individuals and industries to capture lots of sensitive information.

A Growing Cyber Threat

QR code phishing isn’t just standing still, it's continuously growing. Adversary-in-the-middle attacks are now allowing criminals to steal multi-factor authentication data once the victim scans the code and enters the login

information. Additionally, the increase of AI-generated phishing attacks have made recognizing them even harder, with professionally displayed messages and branding mimicking other sources. Recorded Future states that the use of AI in phishing scams has an 1,265% increase in phishing attacks overall. As attackers continue to use QR codes with advanced AI hacking techniques, the cyber threat is only growing. Without stronger defenses, QR codes could become one of the most common ways for cybercrime in the near future.

Think Before You Scan

QR codes aren’t going away anytime soon, they are too convenient and useful for us. However, as like any other tool, the dark side must always be taken into consideration. Something that started as a quick and easy way to access tools has become one of the most common ways to commit several simple cybercrimes.

Whether you’re trying to get a verification code from your online mailbox, or scanning a QR code at a café. Think for a moment. Check the source. Confirm if it is reliable. Check where the code is coming from. And never forget: in a world full of QR codes,  even the little things that you can’t see will still have an impact on you.

Website Citations:

• Landau, Shira. “The Dark Side of QR Codes: Business Impact of Quishing.” Checkpoint.com, 2025, emailsecurity.checkpoint.com/blog/the-dark-side-of-qr-codes-business-impact-of-quishing. Accessed 4 Oct. 2025.

• By Insikt Group ® Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate. 2024.

• Labs, Keepnet. “2025 QR Code Phishing Trends: In-Depth Analysis of Rising Quishing Statistics.” Keepnet Labs, 15 Jan. 2024, keepnetlabs.com/blog/qr-code-phishing-trends-in-depth-analysis-of-rising-quishing-statistics.