{"id":207779,"date":"2026-05-01T11:13:00","date_gmt":"2026-05-01T15:13:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/01\/as-email-phishing-evolves-malicious-attachments-decline-and-qr-codes-surge\/"},"modified":"2026-05-01T11:30:12","modified_gmt":"2026-05-01T15:30:12","slug":"as-email-phishing-evolves-malicious-attachments-decline-and-qr-codes-surge","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/01\/as-email-phishing-evolves-malicious-attachments-decline-and-qr-codes-surge\/","title":{"rendered":"As email phishing evolves, malicious attachments decline and QR codes surge"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/email-phishing-trends-microsoft-qr-codes\/819077\/\">As email phishing evolves, malicious attachments decline and QR codes surge<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/email-phishing-trends-microsoft-qr-codes\/819077\/\">https:\/\/www.cybersecuritydive.com\/news\/email-phishing-trends-microsoft-qr-codes\/819077\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-01 11:13:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Dive Brief:<\/p>\n<p>Phishing attacks using QR codes to direct victims to malicious links surged in the first quarter of 2026, Microsoft said in a threat report published on Thursday.<br \/>\nEmail-based phishing attacks overwhelmingly used malicious links rather than attachments during the first three months of the year, reflecting the greater range of delivery options for externally hosted threats.<br \/>\nA major phishing-as-a-service (PhaaS) platform is significantly diminished after recent attempts to choke off its infrastructure, the company said.<\/p>\n<p>Dive Insight:<br \/>\nThe growth in QR-code phishing attacks is one of the most striking findings in Microsoft Threat Intelligence\u2019s Q1 2026 report, which analyzes the 8.3 billion email-based phishing attacks that the company detected between January and March.<br \/>\nIn January, 7.6 million threats used QR codes, but by March, it was 18.7 million, a 146% increase. That jump made QR-code phishing \u201cthe fastest-growing attack vector\u201d during the quarter, Microsoft said.<br \/>\n\u201cBy embedding malicious URLs within image-based QR codes in the body of an email or within the contents of an attachment,\u201d researchers explained, \u201cthreat actors attempt to exploit the limitations of text-based scanning engines and redirect victims to phishing sites on unmanaged mobile devices.\u201d<br \/>\nMalware delivery web pages using fake CAPTCHA security checks also surged in Q1, largely driven by a massive increase in March after month-to-month declines in both January and February. The 11.9 million attacks using CAPTCHAs in March represented \u201cthe highest volume observed over the last year,\u201d Microsoft said.<br \/>\nThe PhaaS platform Tycoon2FA used to dominate CAPTCHA-based attacks, but after a global takedown involving law enforcement agencies, tech companies and security vendors, its influence has waned significantly. \u201cAt the end of 2025, more than three-quarters of CAPTCHA-gated phishing sites were hosted on Tycoon2FA infrastructure,\u201d Microsoft said in its report. \u201cThis share decreased significantly over the course of the first three months of 2026, falling to just 41% in March.\u201d<br \/>\nBut Microsoft attributed Tycoon2FA\u2019s decline to more than just the coordinated takedown campaign. \u201cThe broadening of CAPTCHA-gated phishing sites being used by an increasing number of threat actors and phishing kits, combined with the overall surge in volume, indicates that this technique is becoming a more entrenched component of the phishing playbook rather than a specialty of a small number of tools.\u201d<br \/>\nBy far the most common objective of email-based phishing attacks in Q1 was to steal login credentials. That has been true for months, but the share of attacks focused on credential theft grew in Q1, from 89% in January to 94% in March.<br \/>\nAt the same time, traditional attachment-based malware delivery has almost become an afterthought \u2014 it represented just 5% to 6% of attacks in Q1, with the vast majority of attacks using phishing websites or \u201clocally loaded spoofed sign-in screens.\u201d<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As email phishing evolves, malicious attachments decline and QR codes surge https:\/\/www.cybersecuritydive.com\/news\/email-phishing-trends-microsoft-qr-codes\/819077\/ Publish Date: 2026-05-01&#8230;<\/p>\n","protected":false},"author":1,"featured_media":207780,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/aqj7RLp202Rs-f0Y-dq7Fbx_kVfWiit5KW5SzlzrchM\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xNDI3NDE1MTMzLmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,32,25],"class_list":["post-207779","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207779"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=207779"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207779\/revisions"}],"predecessor-version":[{"id":207781,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/207779\/revisions\/207781"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/207780"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=207779"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=207779"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=207779"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}