• QR code analysis

Detection Method: QR code analysis

QR code analysis scans and decodes QR codes in emails, attachments, or links to uncover potential security threats that could affect you. This method extracts data from QR codes, checking for malicious URLs, phishing attempts, or harmful contact information.
QR code analysis can help you detect:
  • Phishing links camouflaged as legitimate QR codes in attachments or images
  • Malicious URLs redirecting you to credential harvesting sites
  • QR codes that prompt automatic downloads of malware
  • QR codes containing social engineering information
For example, attackers often use QR codes in phishing campaigns to bypass URL filters. Since you can’t preview the destination before scanning, this method is highly effective at deceiving unsuspecting recipients .
Blog Posts
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits
Tax season email attacks: AdWind RATs and Tycoon 2FA phishing kits
Talking phish over turkey
Talking phish over turkey
QR Code Phishing: Decoding Hidden Threats
QR Code Phishing: Decoding Hidden Threats
Attack Types (3):
Credential Phishing
Malware/Ransomware
BEC/Fraud
Tactics & Techniques (11):
Impersonation: Brand
PDF
QR code
Social engineering
Evasion
Open redirect
Free email provider
Free subdomain host
Image as content
Macros
LNK
Rule Name & Severity
Last Updated
Author
Types, Tactics & Capabilities
Brand impersonation: Microsoft (QR code)
16d ago
Jun 2nd, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
QR code
Social engineering
Computer Vision
Header analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-microsoft-qr-code-ed0f772a
Open redirect: typedrawers.com
26d ago
May 23rd, 2025 UTC
Sublime Security
Credential Phishing
Evasion
Open redirect
QR code
Social engineering
Content analysis
File analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/open-redirect-typedrawerscom-158d9e95
ClickFunnels link infrastructure abuse
1mo ago
May 16th, 2025 UTC
Sublime Security
Credential Phishing
Free email provider
Free subdomain host
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/clickfunnels-link-infrastructure-abuse-9192fbe9
Attachment: Fake Voicemail via PDF
1mo ago
Apr 30th, 2025 UTC
Sublime Security
Credential Phishing
PDF
QR code
Social engineering
Computer Vision
Content analysis
File analysis
Optical Character Recognition
QR code analysis
URL analysis
/feeds/core/detection-rules/attachment-fake-voicemail-via-pdf-d3587209
Link: QR Code with suspicious language (untrusted sender)
2mo ago
Apr 14th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
QR code
Social engineering
Content analysis
Computer Vision
Natural Language Understanding
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-qr-code-with-suspicious-language-untrusted-sender-25a84d1c
Link: QR code with phishing disposition in img or pdf
2mo ago
Apr 14th, 2025 UTC
Sublime Security
Credential Phishing
QR code
Social engineering
Content analysis
Computer Vision
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/link-qr-code-with-phishing-disposition-in-img-or-pdf-8e8949f6
Attachment: QR code with credential phishing indicators
2mo ago
Apr 14th, 2025 UTC
Sublime Security
Credential Phishing
QR code
Social engineering
Computer Vision
Header analysis
Natural Language Understanding
QR code analysis
Sender analysis
URL analysis
URL screenshot
/feeds/core/detection-rules/attachment-qr-code-with-credential-phishing-indicators-9f1681e1
QR Code with suspicious indicators
2mo ago
Apr 7th, 2025 UTC
Sublime Security
Credential Phishing
QR code
Social engineering
Content analysis
Header analysis
Computer Vision
Natural Language Understanding
QR code analysis
Sender analysis
URL analysis
/feeds/core/detection-rules/qr-code-with-suspicious-indicators-04f5c34f
Compensation Review With QR Code in Attached EML
2mo ago
Apr 3rd, 2025 UTC
Sublime Security
Credential Phishing
QR code
Social engineering
Computer Vision
Content analysis
Optical Character Recognition
QR code analysis
/feeds/core/detection-rules/compensation-review-with-qr-code-in-attached-eml-98a2f03c
Brand impersonation: Adobe (QR code)
2mo ago
Mar 27th, 2025 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
QR code
Computer Vision
Header analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-adobe-qr-code-2fc36c6d
Attachment: QR Code Link With Base64-Encoded Recipient Address
2mo ago
Mar 27th, 2025 UTC
Sublime Security
Credential Phishing
QR code
Image as content
Social engineering
Evasion
PDF
Macros
Computer Vision
File analysis
Natural Language Understanding
QR code analysis
Sender analysis
/feeds/core/detection-rules/attachment-qr-code-link-with-base64-encoded-recipient-address-927a0c1a
Unicode QR Code
3mo ago
Feb 26th, 2025 UTC
Sublime Security
Credential Phishing
Evasion
Content analysis
Sender analysis
QR code analysis
/feeds/core/detection-rules/unicode-qr-code-1a0bdd25
Attachment: SVG Files With Evasion Elements
3mo ago
Feb 21st, 2025 UTC
Sublime Security
Malware/Ransomware
Credential Phishing
QR code
Image as content
Evasion
File analysis
XML analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/attachment-svg-files-with-evasion-elements-5d2dbb60
Attachment: QR Code With Userinfo Portion
3mo ago
Feb 21st, 2025 UTC
Sublime Security
Credential Phishing
Malware/Ransomware
Evasion
Image as content
PDF
QR code
QR code analysis
File analysis
Sender analysis
/feeds/core/detection-rules/attachment-qr-code-with-userinfo-portion-9d62cc5c
Extortion / Sextortion - PDF attachment leveraging breach data from freemail sender
4mo ago
Feb 3rd, 2025 UTC
Sublime Security
BEC/Fraud
Free email provider
PDF
Social engineering
QR code
Content analysis
File analysis
QR code analysis
/feeds/core/detection-rules/extortion-sextortion-pdf-attachment-leveraging-breach-data-from-freemail-sender-efb5a213
Constant Contact link infrastructure abuse
5mo ago
Jan 11th, 2025 UTC
Sublime Security
Credential Phishing
Free email provider
Open redirect
Social engineering
Content analysis
Header analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/constant-contact-link-infrastructure-abuse-8c5e8e4c
QR code to auto-download of a suspicious file type (unsolicited)
7mo ago
Nov 20th, 2024 UTC
Sublime Security
Malware/Ransomware
Evasion
LNK
Social engineering
Archive analysis
File analysis
Sender analysis
URL analysis
QR code analysis
/feeds/core/detection-rules/qr-code-to-auto-download-of-a-suspicious-file-type-unsolicited-eed87ea2
Brand impersonation: DocuSign (QR code)
1y ago
Jun 12th, 2024 UTC
Sublime Security
Credential Phishing
Impersonation: Brand
PDF
QR code
Social engineering
Computer Vision
Header analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-docusign-qr-code-0b16c28a
Brand Impersonation: DocuSign with embedded QR code
1y ago
May 2nd, 2024 UTC
Sublime Security
Credential Phishing
Evasion
Image as content
Impersonation: Brand
QR code
Computer Vision
Content analysis
QR code analysis
Sender analysis
/feeds/core/detection-rules/brand-impersonation-docusign-with-embedded-qr-code-f5cde463
Link: QR code in EML attachment with credential phishing indicators
1y ago
Apr 25th, 2024 UTC
Sublime Security
Credential Phishing
Evasion
Open redirect
QR code
Computer Vision
Content analysis
File analysis
QR code analysis
/feeds/core/detection-rules/link-qr-code-in-eml-attachment-with-credential-phishing-indicators-9908ed3a