Hackers using text-based QR codes to bypass email security tools

Source: Magnific

The tactic was uncovered by cybersecurity firm Kaspersky, which said attackers are constructing QR codes using text symbols rather than image files.

New twist on QR phishing

QR-code phishing attacks, often known as "quishing", have become increasingly common as attackers look for ways to evade traditional email security measures.

According to Kaspersky, QR phishing attacks surged during the second half of 2025, with the latest technique representing a new attempt to avoid detection.

Instead of embedding a QR code image in an email, attackers create the code using strings of text characters, a technique similar to ASCII art.

Because some email security systems focus on scanning images or analysing embedded links, text-based QR codes may be harder to identify as malicious.

Fake document requests

Researchers said the phishing emails typically impersonate a business contact and claim a confidential document is waiting to be signed through a service such as DocuSign.

Recipients are instructed to scan the QR code to access the document.

The code then directs victims to a fraudulent website designed to steal corporate login credentials.

According to Kaspersky, the use of text-generated QR codes allows attackers to conceal malicious links from some automated security checks.

Older technique finds a new use

Creating images from text characters dates back to the early days of computing when systems could not display graphics.

Known as ASCII art, the technique was also used by spammers in the early 2000s to avoid image-based filtering tools.

Researchers said cybercriminals are now adapting the same concept to QR codes as they continue looking for new ways to bypass email security systems.

Security experts advise users to treat unsolicited QR codes with caution, particularly when they lead to login pages requesting corporate credentials.