CASE FILE // PC-2026-04
Status: Open


Filing 02.06.00 | Field 27 APR 2026 | Classification Public | Status Open

Quishing: the QR-code phishing surge of 2024-2025

Cost per successful quishing incident: $620K (median; composition in Exhibit D). Keepnet 2025 tracks ~400% growth from 2024 to 2025. The defining feature is gateway bypass through image encoding, combined with the device shift from corporate computer to personal mobile at the moment of the scan.

Exhibit A

Why quishing is structurally different from URL phishing


Quishing (QR-code phishing) emerged as a distinct category in late 2022 and grew rapidly through 2023-2025. It is structurally different from URL-based phishing in two ways that matter for defender economics. First, the payload is an image: unless the gateway itself decodes the QR code, the standard email-gateway URL-rewriting and reputation-lookup defences never see the malicious URL, because it first exists as text only when the victim's phone camera decodes it. Second, the decode-and-visit step happens on the victim's mobile device, which is frequently outside the corporate network perimeter and carries no EDR agent that would otherwise log or block the visit.

The combined effect is that quishing converts at a materially higher rate than URL phishing against the same target population. Independent measurements from Keepnet and Microsoft Threat Intelligence place quishing click-through at approximately 30 to 45 percent against a 12 to 18 percent baseline for URL phishing. The defender loses visibility at the moment of the scan: the attacker-controlled page is loaded by the victim's own browser, frequently on a personal phone, with no corporate TLS-inspection certificate or monitoring agent in the path.[Keepnet 2025 + Microsoft Threat Intelligence 2024]

Exhibit B

The four canonical quishing patterns

DECLASSIFIED

Four lure patterns dominate the 2024-2026 quishing landscape. Each has distinct defender implications.

Inline-email QR with corporate pretext

Q-01
55% of quishing volume

The lure is an email body containing a QR code presented as the action target (commonly: 'Scan to review your payroll change', 'Scan to authenticate to Microsoft 365', 'Scan to enable MFA'). Bypasses gateway URL-rewriting because the URL is present only as pixels. The destination is typically a credential-harvest page styled to match the impersonated brand.

Physical QR overlay on public infrastructure

Q-02
20% of quishing volume

Counterfeit QR sticker placed over the legitimate QR on parking meters, EV chargers, restaurant menus, or QR-enabled payment terminals. The destination harvests payment-card data through a portal that mimics the legitimate one. The Austin and San Antonio parking-meter wave of 2023-2024 is the canonical reference.

Document-embedded QR in PDF attachment

Q-03
15% of quishing volume

QR embedded in a PDF attachment claiming to be an invoice, document-signature request, or compliance form. Evades gateways that decode inline images but do not rasterise PDF attachments, because the QR exists only in the rendered PDF page. Common against finance, HR, and legal-team recipients.

QR in image-attached email signature

Q-04
10% of quishing volume

The QR is embedded in what appears to be an email signature graphic or a corporate-letterhead image. Particularly effective against recipients who are accustomed to scanning a QR for vCard download. The destination usually targets credential harvest with a plausible vCard-style intermediate page.

Exhibit C

The parking-meter quishing wave: a 2023-2024 case study

CASE FILE

Through late 2023 and into 2024, attackers placed counterfeit QR-code stickers over the legitimate payment QR codes on parking meters in multiple US cities. The pattern began in Austin and San Antonio, then spread to Houston, Atlanta, Denver, and several other major US metropolitan areas. The Austin Police Department issued a public warning in December 2023 after dozens of consumer complaints; the City of San Antonio followed in January 2024. The pattern then spread internationally with similar cases reported in the UK and continental Europe.

The economic damage was material. Individual victim losses ran from approximately $40 (the expected parking charge plus an immediate small follow-up charge) to several thousand dollars when the harvested card was sold on the underground market and then used for high-value purchases. Aggregate consumer loss across the US wave is estimated in the low millions of dollars. The damage to the impersonated municipal-parking brand was harder to quantify but real: trust in QR-enabled municipal payment systems dropped measurably in consumer survey data through 2024.

The defender lesson is that physical-world QR overlays are an attack class that no technical control on the defender's side can stop: the scan happens on a device the defender does not own, against a code the defender did not print. The mitigation is procedural. Municipalities and other public-infrastructure operators have moved to QR codes paired with a visible verification token (a printed code that must match a code shown on the legitimate payment page) and to QR-code sealing techniques (tamper-evident overlays that show physical evidence of replacement). Adoption is uneven; most US cities still have unprotected QR codes on parking infrastructure as of mid-2026.[Austin PD bulletin Dec 2023 + San Antonio public notice Jan 2024 + Better Business Bureau alerts 2024]

Exhibit D

Cost-line composition against the $620K median


Cost line                        Share of $620K   Dollar figure   Note
Credential-pivot containment     32%              $198K           Typically narrower than spear-phish because the pivot starts from a personal device
Incident response + forensics    18%              $112K           Lower than for email-link phishing: less post-scan telemetry to collect and analyse
Credential-reset cycle           14%              $87K            Scope depends on the access the harvested credential yielded
Notification + monitoring        12%              $74K            Driven by downstream exfil scope
Customer-trust restoration       10%              $62K            For brands impersonated in the physical-world variant
Awareness-training rebuild       8%               $50K            Quishing-specific module addition
Email-gateway control upgrade    6%               $37K            Image-OCR scanning enablement, one-time

The pivot-containment line is structurally smaller than for spear-phishing because the typical quishing payload lands on a personal mobile device with limited reach into corporate systems. The customer-trust restoration line is unusual to this vector: an impersonated brand carries the reputational burden even when none of its own customers was directly harmed.[IBM 2025 + Keepnet 2025 quishing-vector breakdown]

Exhibit E

The control stack: image-OCR scanning and mobile DLP


The quishing control stack has two distinct layers: pre-scan (catching the QR-as-image at the email gateway) and post-scan (catching the destination URL on the mobile device). Both are necessary; neither is sufficient.

#1  Image-OCR scanning at the email gateway

Covers: ~60% of inline-email quishing volume
Cost: $8 to $20 per mailbox per year incremental

The gateway locates QR codes in inline images and image attachments, decodes them (despite the vendor label 'image-OCR', the step is QR decoding rather than character recognition), extracts the URL, and runs it through the same reputation lookup and rewriting applied to URLs in the message body. Available in Proofpoint Aegis, Microsoft Defender for Office 365 (Plan 2), Abnormal Security, and Mimecast. Not enabled by default in many legacy gateways. When evaluating a product, check whether it also rasterises PDF attachments before decoding; otherwise the Q-03 pattern is not covered.
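What a gateway QR triage step has to do, as an added Python example (not vendor code and not from the original page): walk every MIME part that can hide a QR code, decode it, mine the payload for URLs, and apply policy. The pixel-to-text step is delegated to a caller-supplied decode_qr callable (in production that would wrap e.g. pyzbar over a rasterised image, with a PDF rasteriser in front for PDF parts); the sample message, the placeholder image and PDF bytes, the stub decoder's results, and the allowlist and brand watchlist are all constructed here so the script runs offline.

```python
"""Gateway-side QR triage for one MIME message.

Added example, not vendor code. Every MIME part that can carry a QR code
(inline image, image attachment, PDF attachment) is handed to a caller-
supplied decoder; decoded payloads are mined for URLs and judged.

Assumed: decode_qr(bytes) -> list[str] of QR payloads. In production that
would wrap e.g. pyzbar over PIL.Image (plus a PDF rasteriser for PDFs); here
a stub keyed on constructed placeholder bytes stands in so the file runs
offline. ALLOWED_HOSTS and PROTECTED_BRANDS are hypothetical policy tables.
"""
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

QR_CARRIER_TYPES = {"image/png", "image/jpeg", "image/gif", "image/bmp",
                    "image/webp", "application/pdf"}
ALLOWED_HOSTS = {"login.microsoftonline.com", "payroll.example.com"}   # hypothetical
PROTECTED_BRANDS = ("microsoft", "office365", "okta", "payroll")        # hypothetical
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

# Constructed placeholder attachments and what the stub decoder "reads" from them.
FAKE_PNG = b"\x89PNG\r\n\x1a\n<placeholder: inline QR image>"
FAKE_PDF = b"%PDF-1.7\n<placeholder: invoice with embedded QR>"
CONSTRUCTED_DECODES = {
    FAKE_PNG: ["https://m365-payroll-verify.example.net/login?u=staff"],
    FAKE_PDF: ["BEGIN:VCARD\nURL:https://docs.example.org/invoice/8812\nEND:VCARD"],
}


def stub_decode_qr(data):
    """Stand-in for a real QR decoder; returns the constructed payloads above."""
    return CONSTRUCTED_DECODES.get(data, [])


def qr_carrier_parts(msg):
    """Yield (content_type, raw_bytes) for every part that can hide a QR code."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype in QR_CARRIER_TYPES:
            yield ctype, part.get_payload(decode=True)


def urls_in_payload(payload):
    """QR payloads are free text (bare URL, vCard, MATMSG:...); extract http(s) URLs."""
    return [m.group(0).rstrip(".,;)") for m in URL_RE.finditer(payload)]


def judge_url(url):
    """Return (verdict, reason) for one decoded URL; a reputation lookup would slot in here."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "block", "no host"
    if host in ALLOWED_HOSTS:
        return "allow", "allowlisted host"
    if host.startswith("xn--") or ".xn--" in host:
        return "block", "punycode host"
    if re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host):
        return "block", "IP-literal host"
    if any(brand in host for brand in PROTECTED_BRANDS):
        return "block", "protected brand in non-allowlisted host"
    return "review", "unknown host"


def scan_message(raw, decode_qr):
    """Return (message_verdict, per-URL findings) for a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for ctype, data in qr_carrier_parts(msg):
        for payload in decode_qr(data):
            for url in urls_in_payload(payload):
                verdict, reason = judge_url(url)
                findings.append({"part": ctype, "url": url, "verdict": verdict, "reason": reason})
    verdicts = {f["verdict"] for f in findings}
    if "block" in verdicts:
        return "quarantine", findings
    if "review" in verdicts:
        return "hold", findings
    return "deliver", findings


def build_sample_message():
    """Constructed Q-01/Q-03 style lure: HTML body with an inline QR image plus a PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "hr@example-corp.test"
    msg["To"] = "staff@example-corp.test"
    msg["Subject"] = "Action required: review your payroll change"
    msg.set_content("Scan the QR code to review your payroll change.")
    msg.add_alternative('<p>Scan to review: <img src="cid:qr1"></p>', subtype="html")
    msg.get_payload()[1].add_related(FAKE_PNG, "image", "png", cid="<qr1>")
    msg.add_attachment(FAKE_PDF, maintype="application", subtype="pdf", filename="invoice.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    verdict, findings = scan_message(build_sample_message(), stub_decode_qr)
    print(verdict)
    for finding in findings:
        print(finding)
```

The MIME walk is the part that matters: the inline image lives under multipart/related inside multipart/alternative, the PDF sits as a top-level attachment, and a scanner that only looks at top-level image attachments misses the Q-01 pattern entirely. The verdict ladder (allowlist first, then hard blocks, then hold for review) is the shape a practitioner would wire a reputation feed into.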

#2  Phishing-resistant MFA on all destinations

Protects: ~90% of credential-pivot value
Cost: $50 per user one-time

Even if the victim scans, lands on the harvest page, and types a password, FIDO2/WebAuthn leaves the attacker nothing reusable: the authenticator's assertion is bound to the origin the browser actually loaded and to the relying party's RP ID, so a lookalike host cannot obtain one, and the harvested password alone does not complete the sign-in. The single most-leveraged universal control across all phishing variants.
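Why #2 holds, as an added standard-library Python example (not from the page and not vendor code): a simulation of the WebAuthn assertion flow with the three parties that matter. The browser writes the page's real origin into clientDataJSON and refuses RP IDs that are not a suffix of the page's host; the authenticator only holds credentials scoped to an RP ID and signs authenticatorData || SHA-256(clientDataJSON); the relying party checks type, challenge, origin, rpIdHash and signature. The labelled assumption is that HMAC-SHA256 stands in for the authenticator's ECDSA signature so the script runs without extra libraries; RP_ID and EXPECTED_ORIGIN are hypothetical.

```python
"""Why a FIDO2/WebAuthn login cannot be harvested by a quishing page.

Added example, not from the page or any vendor. Simulates the WebAuthn
assertion: the browser fixes the origin in clientDataJSON, the authenticator
scopes credentials by RP ID and signs authenticatorData || SHA-256(clientData),
and the relying party (RP) verifies type, challenge, origin, rpIdHash, signature.

Assumption (labelled): HMAC-SHA256 replaces the authenticator's ECDSA signature
so this runs on the standard library; the origin/rpIdHash checks are the real
WebAuthn ones. RP_ID and EXPECTED_ORIGIN are hypothetical.
"""
import hashlib
import hmac
import json
import os

RP_ID = "example.com"                        # hypothetical relying party
EXPECTED_ORIGIN = "https://login.example.com"


class Authenticator:
    """Toy authenticator: credentials scoped by RP ID, HMAC key in place of a private key."""

    def __init__(self):
        self.creds = {}   # rp_id -> (credential_id, key)

    def make_credential(self, rp_id):
        cred_id, key = os.urandom(16), os.urandom(32)
        self.creds[rp_id] = (cred_id, key)
        return cred_id, key

    def get_assertion(self, rp_id, client_data_hash):
        if rp_id not in self.creds:              # no credential for this RP ID: nothing to sign
            return None
        cred_id, key = self.creds[rp_id]
        # authenticatorData = rpIdHash(32) || flags(1, UP set) || signCount(4)
        auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x01" + (1).to_bytes(4, "big")
        sig = hmac.new(key, auth_data + client_data_hash, hashlib.sha256).digest()
        return {"cred_id": cred_id, "auth_data": auth_data, "sig": sig}


def browser_get(authn, page_origin, rp_id, challenge):
    """navigator.credentials.get() as the browser performs it for a page at page_origin."""
    host = page_origin.split("://", 1)[1].split("/", 1)[0]
    if not (host == rp_id or host.endswith("." + rp_id)):
        return None                               # RP ID must be a suffix of the page's host
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()   # the page cannot choose origin
    result = authn.get_assertion(rp_id, hashlib.sha256(client_data).digest())
    if result is None:
        return None
    return dict(result, client_data=client_data)


def rp_verify(assertion, registered, challenge):
    """Relying-party checks; returns (ok, reason)."""
    if assertion is None:
        return False, "no assertion produced"
    cd = json.loads(assertion["client_data"])
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if cd.get("challenge") != challenge:
        return False, "challenge mismatch (replay)"
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: " + str(cd.get("origin"))
    if assertion["auth_data"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return False, "rpIdHash mismatch"
    key = registered.get(assertion["cred_id"])
    if key is None:
        return False, "unknown credential"
    signed = assertion["auth_data"] + hashlib.sha256(assertion["client_data"]).digest()
    if not hmac.compare_digest(hmac.new(key, signed, hashlib.sha256).digest(), assertion["sig"]):
        return False, "bad signature"
    return True, "ok"


def demo():
    """Legit login, two quishing-page attempts, and a replay of a captured assertion."""
    authn = Authenticator()
    cred_id, key = authn.make_credential(RP_ID)
    registered = {cred_id: key}                   # the RP's stored public key (here: the HMAC key)
    challenge = "c2FtcGxlLWNoYWxsZW5nZQ"           # per-login nonce issued by the RP
    legit_assertion = browser_get(authn, EXPECTED_ORIGIN, RP_ID, challenge)
    return {
        "legit": rp_verify(legit_assertion, registered, challenge),
        # Lookalike host asks for the real RP ID: the browser refuses the call.
        "phish_real_rpid": rp_verify(browser_get(authn, "https://login-example.com", RP_ID, challenge),
                                     registered, challenge),
        # Lookalike host asks for its own RP ID: the authenticator holds no credential for it.
        "phish_own_rpid": rp_verify(browser_get(authn, "https://login-example.com", "login-example.com",
                                                challenge), registered, challenge),
        # A captured assertion replayed against a fresh challenge is rejected.
        "replay": rp_verify(legit_assertion, registered, "ZnJlc2gtY2hhbGxlbmdl"),
    }


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:16s} {'PASS' if ok else 'FAIL'} ({reason})")
```

The two phishing cases fail before any signature is produced, which is the property the control stack relies on: the harvest page on the victim's phone can collect a password and a session of keystrokes, but it cannot collect an assertion for login.example.com, and a stale assertion is rejected on the challenge check.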

#3  Mobile-device management (MDM) with browser filtering

Blocks: ~50% of post-scan visits
Cost: $5 to $15 per device per month

MDM enrols the personal devices that access corporate resources and enforces a managed browser (or an on-device web filter) on them, so the destination URL decoded from the QR is checked against corporate reputation feeds at the moment of the visit. It is the only control on this list that restores visibility after the scan.

#4  Quishing-specific awareness-training module

Reduces: click rate by ~25% over 12 months
Cost: $2 to $5 per user per year incremental

Vendors including KnowBe4, Hoxhunt, and Cofense ship quishing-specific simulation modules. The behaviour trained is to read the URL the phone displays after a scan before entering credentials, and to treat any QR that leads to a login prompt as suspect. Lower-leverage than the technical controls but useful for building a risk-aware culture.

#5  Physical-world QR-tampering controls

Applies to: public-infrastructure variant only
Cost: Highly variable

Tamper-evident sticker materials, visible verification tokens, and periodic QR rotation reduce the physical-overlay attack class. Relevant only for organisations that publish QR codes on public-facing physical assets.

#6  DLP on the mobile email client

Reduces: post-credential exfil pivot value by ~20%
Cost: MDM + DLP licence

DLP on the mobile email client can detect and block the bulk mailbox or document exfiltration that typically follows a credential compromise. Late in the kill chain, but a useful belt-and-braces layer.

Exhibit F

The mobile-device-shift problem


The structural reason quishing converts at higher rates than URL phishing is that the scan moves the victim across a device boundary that defenders have historically struggled to instrument. The corporate computer that received the email has EDR, browser filtering, network monitoring, corporate TLS inspection, and full DLP coverage; the personal mobile that scans the QR has, in most enterprises, none of these. The defender's visibility into the post-scan attacker page is approximately zero unless the organisation has deployed MDM with browser filtering on personal devices, which most have not.

The defender response has to acknowledge the device-shift rather than fight it. Two pragmatic responses dominate: first, accept that the post-scan visibility is lost and invest in pre-scan controls (image-OCR at the gateway) and post-credential controls (phishing-resistant MFA at the destination); second, deploy MDM with browser-filtering on the personal devices that access corporate resources, accepting the user-experience cost and the privacy negotiation that this implies. The second response is more expensive but covers a broader attack surface; the first is cheaper but accepts more residual risk.

The middle path that some organisations have settled on is mandatory FIDO2 MFA on the corporate resources most likely to be quishing targets (M365, SSO portal, payroll, corporate banking) without requiring full MDM on personal devices. This closes the highest-value attack chains while preserving personal-device autonomy. It accepts that low-value credential harvesting will still succeed but limits the downstream pivot value to near zero. The cost-per-dollar-of-loss-prevented is favourable.[Microsoft Threat Intelligence Quishing Report 2024 + Keepnet 2025]

Exhibit G

Frequently filed questions

ON RECORD

What is the average cost of a quishing attack?

$620K per successful incident (median). Lower than spear-phishing, because the pivot path is narrower; higher than bulk phishing, because conversion is better.

How fast is quishing growing?

Approximately 400% from 2024 to 2025 per Keepnet 2025. The growth is sustained by the gateway-bypass property of QR-as-image and by normalised consumer QR-scanning behaviour.

Why does quishing convert so well?

The QR scan moves the victim from the corporate computer (with browser warnings and EDR visibility) to the personal mobile device (with neither). Defender visibility drops to near zero at the scan.

What is the parking-meter wave?

Through 2023-2024, attackers placed counterfeit QR stickers on parking meters in Austin, San Antonio, and other US cities, harvesting payment-card data through fake parking-payment portals. Now a documented international pattern.

Does image-OCR at the email gateway stop quishing?

Approximately 60% of inline-email volume, yes. Does nothing for the physical-world variant. Modern Proofpoint, Defender for O365, Abnormal, and Mimecast deployments include image-OCR; legacy gateways often do not.

Should we require MDM on personal devices?

Depends on organisational appetite. MDM with browser-filtering catches post-scan destination URLs. Most organisations land on a middle path: enforce phishing-resistant MFA on corporate destinations without requiring MDM on personal devices.

Does FIDO2 MFA help against quishing?

Yes, decisively. Even if the password is harvested, a FIDO2 assertion is bound to the genuine origin and RP ID, so the harvest page cannot obtain one and the password alone does not complete the sign-in. The single most-leveraged universal phishing defence.

Updated 2026-04-27