Quishing is the New Phishing: Why QR Codes are Bypassing Your Enterprise Email Security

Published December 5, 2025 by Stronglink Team

The humble QR code, once a convenient tool for menus and website links, has been weaponized. The latest threat surge in email security is "Quishing" (QR Code Phishing), and it represents a significant...

The humble QR code, once a convenient tool for menus and website links, has been weaponized. The latest threat surge in email security is "Quishing" (QR Code Phishing), and it represents a significant challenge for enterprise security teams. This sophisticated tactic is allowing threat actors to slip highly effective phishing campaigns right past traditional email protection, leveraging a blind spot between desktop security and mobile user behavior. Traditional email security gateways (SEGs) and advanced filters are designed to analyze email content, particularly looking for malicious Uniform Resource Locators (URLs) and keywords. This is where Quishing shines as an attack vector. In essence, attackers are using the QR code as a clever container to deliver a malicious link in a way that is invisible to the protective layer guarding the email itself. A Quishing attack typically follows a few simple, yet highly effective, steps that bypass traditional security measures and exploit mobile device vulnerabilities. Traditional filters can't see what's inside a QR code, but our AI can. Ready to close the gap in your email security? Contact us today to learn how Sentaro.ai’s autonomous AI agents continuously learn from your environment to detect and block Quishing and other emerging threats before they reach your inbox. Book a free demo or get started with a trial of our AI-driven email security platform.