2025 QR Code Phishing Trends: In-Depth Analysis of Rising Quishing Statistics

In 2025, QR code phishing has become a significant concern for individuals and businesses. With the increased use of Quick Response (QR) codes for various transactions and information sharing, malicious actors have found a ground for exploiting unsuspecting users.

This blog post explores the latest QR code phishing statistics, shedding light on the scale and sophistication of these scams. We aim to provide readers with a comprehensive understanding of the current landscape of QR code-related fraud, offering insights into the most common tactics used by scammers and their impact on victims.

QR Code Phishing Statistics 2025

QR code phishing, or "quishing," is a cyber attack method that uses malicious QR codes to trick individuals into revealing sensitive information.

In 2025, quishing attacks surged significantly, reflecting a broader trend in social engineering tactics. Nearly 90% of these attacks are crafted to steal login credentials and other sensitive data — commonly targeting corporate email systems, cloud storage platforms, and remote access tools. (Source)

The use of AI has made quishing attacks more advanced, allowing cybercriminals to quickly create realistic phishing pages, tailor scams to individual targets, and adjust their methods on the fly. This has made quishing harder to detect and more effective across a wide range of industries.

QR Code Phishing Incidents Rise in 2023 -2025

These quishing statistics show that from June to August 2023, a startling surge in QR code phishing emails was observed. Systems detected 8,878 such incidents, indicating a worrying shift in cybercriminal tactics. June witnessed the peak of this trend, with 5,063 reported cases in QR code phishing statistics.

This spike coincided with a sharp rise in the use of QR codes as phishing payloads—up from just 0.8% in 2021 to 12.4% in 2023, and sustaining a high rate of 10.8% in 2024. (Source) As attackers increasingly embed malicious QR codes into emails, they exploit users' trust in visual simplicity and mobile-first habits.

Low Detection and Reporting Rates of QR Code Phishing Attacks

These QR codes phishing statistics reveal that the low detection and reporting rate is a concerning aspect of these attacks. Only 36% of these incidents were accurately identified and reported by the recipients. This gap in security awareness and preparedness leaves many vulnerable to the risks associated with deceptive QR phishing.

Targeted Industries: The Primary Victims of QR Code Phishing

Analysis reveals that these Quishing campaigns more frequently target certain industries. These quishing statistics underscore that the Energy sector is the most vulnerable, receiving 29% of over 1,000 malware-infested phishing email QR codes. These QR code phishing statistics also show that manufacturing, Insurance, Technology, and Financial Services sectors are also at high risk, indicating a strategic focus by cybercriminals on sectors they perceive as either more lucrative or vulnerable.

QR Codes: A Preferred Tool in Phishing Campaigns

In these phishing campaigns, 26% of all malicious links were embedded in phishing QR code, highlighting the significant reliance of attackers on this method. 2023 marked a 587% increase in Quishing incidents, demonstrating its growing popularity among cybercriminals. Furthermore, QR codes were used in 22% of all phishing attacks during this period, emphasizing their critical role in the phishing landscape.

Projected Growth in QR Code Payment Systems and Associated Risks

By 2025, global expenditures via QR code payments will be projected to exceed $3 trillion, a substantial rise from $2.4 trillion in 2022. This growth, especially in markets like India, opens up vast opportunities for fraudulent QR code schemes, presenting a significant challenge in digital security.

Executives Face 42 Times More QR Code Phishing Attacks Than Average Employees in 2023

In 2023, executives experienced 42 times more QR code phishing attacks than the average employee. This alarming quishing statistic underscores the heightened risk that high-ranking professionals face in the digital landscape. Cybercriminals target executives due to their access to sensitive information and decision-making power within organizations.

Malicious QR Codes Account for Nearly 2% of All Scanned QR Codes

In a recent analysis, it was revealed that nearly 2% of all scanned QR codes were malicious. This quishing statistic highlights the growing threat of QR code phishing, where cybercriminals embed harmful links and malware into seemingly harmless codes. As QR codes become increasingly popular for various applications, the risk of encountering malicious ones rises.

Credential Phishing: Dominant Threat in QR Code Attacks

Credential phishing emerged as the primary threat in QR code attacks, with approximately 89.3% of detected incidents aimed at stealing login information and other sensitive data. This qr code phishing statistic highlights the urgent need for enhanced security measures and awareness to protect valuable credentials from cybercriminals.

Industry Impact: Retail Sector Most Vulnerable to QR Code Phishing

Different industries exhibit varying susceptibility levels to QR code phishing attacks. The retail industry, in particular, had the highest miss rate, indicating that a significant portion of employees struggled to identify and report suspicious QR codes. This quishing statistics the importance of industry-specific training and vigilance to combat the growing threat of QR code phishing.

60 Quishing Statistics and Trends

Here is a numbered list of 60 quishing statistics and trends, compiled from 2025 sources with resources noted:

• QR code phishing attacks surged 51% in September 2023 vs. Jan-Aug cumulative.
• 8,878 quishing incidents from June-Aug 2023, peaking at 5,063 in June.
• 587% increase in quishing incidents in 2023.
• QR codes used in 22% of all phishing attacks in 2023.
• Global QR code payments projected to exceed $3T by 2025.
• Executives face 42x more QR code attacks than average employees.
• Nearly 2% of scanned QR codes are malicious.
• 89.3% of QR attacks aim at credential theft.
• Only 36% of QR phishing incidents accurately identified and reported.
• Energy sector receives 29% of malware-infested quishing emails.
• Retail has the highest miss rate for detecting malicious QR codes.
• Security training improves QR phishing detection by 87% in three months.
• Average business loss from quishing exceeds $1M per incident.
• 26% of malicious links embedded in QR codes in phishing campaigns.
• Quishing incidents rising 25% year-over-year into 2025.
• 12% of phishing emails contain QR codes in 2024.
• 41% of phishing involves multi-channel attacks including quishing.
• Malicious QR codes risen by 25% in 2025.
• 26% of phishing with URL redirects use QR codes.
• 331% year-over-year increase in QR code phishing campaigns (Cofense data).
• Half a million phishing emails with QR in PDFs detected mid-2024.
• 90% of QR attacks are credential phishing.
• 27% of quishing uses fake MFA notices.
• 21% of QR attacks involve fake shared document notifications.
• QR scans quadrupled to 41.77M globally by 2025.
• 12% of quishing hides codes in PDF/JPEG attachments.
• 56% of quishing emails involve Microsoft 2FA resets.
• 48.6% of HR/IT phishing emails (often QR-based) are highly effective.
• 18% of quishing targets online banking pages.
• Only 39% of consumers can identify malicious QR codes.
• 36% of Germans have scanned suspicious QR codes.
• 20x surge in QR phishing in fall 2023.
• QR payloads from 0.8% (2021) to 10.8% (2024).
• 427% increase in quishing attacks in September 2023.
• Malicious QR from 1.8% to 9.5% of scanned in Aug-Sept 2023.
• Quishing from 0.4% to 8.8% of malicious incidents in Aug-Sept 2023.
• QR codes in 22% of phishing in early Oct 2023.
• Engaged employees have 40% miss rate vs. 90% for disengaged.
• 73% of Americans scan QR without verification.
• Over 26M Americans directed to malicious sites via QR.
• 4/5 top Bitcoin QR generators were scams in 2019.
• Non-C-suite VIPs face 5x more attacks.
• Attacks widespread in US/Europe, medical, automotive, education, energy, finance.
• Use of redirects/open redirects to mask phishing.
• Cloudflare Turnstile for human verification in attacks.
• Pre-populated victim emails in phishing URLs.
• Fake pages reject arbitrary credentials for targeting.
• Bypasses legacy security via minimal text/URLs.
• Shift to mobile devices lacks protections.
• More than half quishing impersonates Microsoft.
• Dynamic QR codes evade static scans.
• QR redemption to surge to 5.3B in 2025, boosting quishing.
• Macro-enabled Excel for QR generation in attacks.
• Energy, finance, healthcare, education highest targeted.
• SMBs especially vulnerable to quishing.
• Nation-state use of QR for RAT distribution.
• AI fueling advanced quishing with realistic pages.
• Quishing part of 4,151% phishing rise since ChatGPT.
• 28% increase in real threat reporting in 2022, 13% in 2023, leveling in 2024.

The Need for Enhanced QR Code Security Measures

These statistics on QR code phishing underscore the escalating threat of Quishing. As cybercriminals refine their tactics, staying informed and adopting proactive defense strategies becomes paramount. The rising trend of Quishing is a stark reminder of the persistent and evolving nature of cyber threats like voice phishing attack statistics suggest. Enhanced QR code security measures like quishing simulators are advisable and essential in safeguarding against these sophisticated phishing attacks.

Protect Your Business Against QR Code Phishing Attacks with Keepnet's Quishing Simulator

Keepnet's Quishing Simulator, a sophisticated, cloud-based solution, is designed to evaluate and fortify your defenses against these QR phishing threats. With its extensive range of features, including over 600 ready-to-use templates and customizable scenarios in more than 30 languages, this tool is pivotal in nurturing a security-conscious culture within your organization.

Benefits of Keepnet's Quishing Simulator

• Effective Security Awareness Training: Elevate your organization's defenses against QR phishing risks. Reduce the likelihood of financial losses, which can average over $1 million, while potentially achieving significant ROI through improved efficiencies and cost savings.
• Enhanced Security Framework: Identify and mitigate risky behaviors to cultivate a robust security culture, effectively countering ongoing QR Code phishing threats.
• Elevating Cybersecurity Knowledge: Experience an 87% improvement in employees' ability to identify and report QR Code phishing attacks within just three months.
• Mitigating Legal Risks and Maintaining Compliance: Stay compliant with data protection laws to avoid substantial fines and legal complications.
• Thorough Regulatory Adherence: Align your organization with GDPR, CCPA, and other relevant regulations.

Watch our Youtube video below and see how we can protect you againts QR code phishing attacks with our QR Code Phishing Simulation software.

Editor’s note: This blog was updated on September 8, 2025.