QR code phishing surged across email threats in Q1 2026
Target Trend
Summary
Hide ▲
Show ▼
Q1 2026 email-threat telemetry shows QR code phishing and CAPTCHA-gated phishing rising quickly, increasing the risk of credential theft across organizations. Microsoft detected about 8.3 billion email-based phishing threats, and QR-code abuse climbed from 7.6 million in January to 18.7 million in March. The shift matters because attackers are pairing mobile-friendly QR lures with legitimacy checks that help them evade automated defenses and drive victims to fake sign-ins.
Related Happenings
Kali365 Microsoft 365 device-code phishing campaign
Campaign
First: 25.05.2026 15:45
Last: 25.05.2026 15:45
Sources 1
About this happening:
A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...
Kali365 Microsoft 365 device-code phishing campaign
CampaignAbout this happening: A **Kali365** phishing campaign is targeting **Microsoft 365** environments worldwide with **device-code login lures**, putting accounts at risk of **token theft** and **MFA bypas...
CypherLoc phishing-led browser scareware campaign
Campaign
First: 20.05.2026 13:00
Last: 20.05.2026 13:00
Sources 1
About this happening:
The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...
CypherLoc phishing-led browser scareware campaign
CampaignAbout this happening: The **CypherLoc** operation has driven **around 2.8 million attacks** since the start of **2026**, using **phishing emails** to send users to malicious pages that lock browsers an...
Vidar Stealer ClickFix campaign targeting multiple sectors
Campaign
First: 08.05.2026 14:00
Last: 08.05.2026 14:00
Sources 1
About this happening:
The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
Vidar Stealer ClickFix campaign targeting multiple sectors
CampaignAbout this happening: The **Vidar Stealer** campaign is using **ClickFix** social engineering and compromised **WordPress** sites to deliver password-stealing malware, widening risk for **infrastructur...
Code of conduct-themed Microsoft AiTM phishing campaign
Campaign
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
How related:
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.
About this happening:
A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
Code of conduct-themed Microsoft AiTM phishing campaign
CampaignHow related: Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens.
About this happening: A **large-scale phishing campaign** used code of conduct-themed lures and **legitimate email services** to push victims to attacker-controlled domains and steal **authentication t...
Rising vishing losses against US adults 60+
Target Trend
First: 22.04.2026 17:01
Last: 22.04.2026 17:01
Sources 1
About this happening:
**Vishing** is surging against **US adults 60+**, creating outsized financial harm for a vulnerable consumer cohort. The trend is severe: **US elderly citizens** lost **$3.4B in 2...
Rising vishing losses against US adults 60+
Target TrendAbout this happening: **Vishing** is surging against **US adults 60+**, creating outsized financial harm for a vulnerable consumer cohort. The trend is severe: **US elderly citizens** lost **$3.4B in 2...
Timeline
-
05.05.2026 09:35 2 articles · 22d ago
Q1 2026 QR code phishing surge in email threats
Initial DisclosureMicrosoft telemetry covering January to March 2026 found QR code phishing becoming the fastest-growing email attack vector against recipients across organizations, with attack volume rising from 7.6 million in January to 18.7 million in March, a 146% increase. The same analysis showed CAPTCHA-gated phishing spreading rapidly across payload types, about 8.3 billion email-based phishing threats in the quarter, and late-March messages embedding QR codes directly in email bodies to route users toward credential-harvesting sign-in pages.
Show sources
- Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries — thehackernews.com — 05.05.2026 09:35
- Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries — thehackernews.com — 05.05.2026 09:35