In practical terms, a victim receives a phishing email devoid of traditional hyperlinks. Instead, adjacent to the call to action or within the email signature, resides a QR code enclosed in a .JPG or .PNG file. This format allows the QR code to evade conventional email security measures.
The devious aspect is that the victim may not perceive the concealed link, which is often the primary indicator of a phishing attempt. Instead, they innocently scan the QR code with their mobile device, unwittingly transporting themselves to a malicious landing page. On this nefarious webpage, they might encounter enticing offers to download malware, deceptive requests for login credentials, or prompts to register for a service—all of which expose sensitive information to the attackers.
