December 28, 2023

Secure your organization against QR code phishing with Defender for Office 365

QR code phishing campaigns are a fast-growing form of email attack. The messages carry QR codes that link to malicious content, often disguised as legitimate requests such as a password reset or a two-factor authentication verification. Microsoft Defender for Office 365 continuously adapts to combat these threats.

What is a QR Code?

A QR code is a two-dimensional barcode that can be scanned using a smartphone or other mobile device with a camera. These codes can contain different types of information, such as URLs, contact information or product details, and are often used to direct users to websites, files or applications.

[Image: QR code linking to ALTA-ICT's security page]

As an example, scanning the QR code above will take you directly to ALTA-ICT's security page.

Increase in QR-Code Phishing

The popularity of QR codes has increased in recent years, in part because of COVID-19. However, cybercriminals have also embraced this technology. Microsoft observed a significant rise in phishing attempts related to QR codes, with a 23% increase in one week.

Why QR Codes?

QR codes present a unique challenge for security providers because they pass through mail flow as an image and become readable only once displayed. Attackers use them in phishing to move the attack from well-secured corporate environments to victims' less secure personal mobile devices.

Detection and Protection by Defender for Office 365

Defender for Office 365 uses advanced image extraction technologies to detect QR codes in messages. The system extracts URL metadata from a QR code and uses this information for existing threat protection and filtering capabilities. In addition, URLs from QR codes are analyzed with machine learning models and checked for reputation.
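The flow described above, sketched as an added example (not Microsoft's implementation and not code from the original post): image parts are pulled from the message, QR payloads are decoded, and any URL found goes through the same host check a body link would. The `is_bad_host` callback, the stub decoder and the sample message are constructed for illustration; `cv2_decode` assumes OpenCV is installed.

```python
import email
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

def cv2_decode(image_bytes):
    """Decode QR payloads with OpenCV (assumption: opencv-python is installed)."""
    import cv2
    import numpy as np
    img = cv2.imdecode(np.frombuffer(image_bytes, np.uint8), cv2.IMREAD_COLOR)
    if img is None:                      # bytes were not a decodable image
        return []
    ok, texts, _, _ = cv2.QRCodeDetector().detectAndDecodeMulti(img)
    return [t for t in texts if t] if ok else []

def qr_urls(raw_message, decode=cv2_decode):
    """Return (host, url) for each http(s) URL encoded in a QR code in any image part."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():              # covers inline images and attachments
        if part.get_content_maintype() != "image":
            continue
        for text in decode(part.get_payload(decode=True) or b""):
            try:
                u = urlsplit(text.strip())
            except ValueError:           # malformed payload, skip it
                continue
            if u.scheme in ("http", "https") and u.hostname:
                found.append((u.hostname, text.strip()))
    return found

def verdict(raw_message, is_bad_host, decode=cv2_decode):
    """Run QR-derived URLs through the same host check used for body links."""
    hits = [url for host, url in qr_urls(raw_message, decode) if is_bad_host(host)]
    return ("quarantine", hits) if hits else ("deliver", [])

# Constructed sample: the body text has no link, the only URL is inside the image.
FAKE_PNG = b"constructed-image-bytes"
def stub_decode(image_bytes):            # stands in for a QR library so this runs offline
    return ["https://login.mfa-reset.example/verify"] if image_bytes == FAKE_PNG else []
def sample_message():
    m = EmailMessage()
    m["Subject"] = "Action required: re-verify two-factor authentication"
    m.set_content("Scan the code below with your phone to continue.")
    m.add_attachment(FAKE_PNG, maintype="image", subtype="png", filename="qr.png")
    return m.as_bytes()

if __name__ == "__main__":
    print(verdict(sample_message(), lambda h: h.endswith(".example"), stub_decode))
```

A filter that only scans text parts for links sees nothing in this sample message, which is why the image parts have to be decoded before the URL check runs.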

Strategies Against QR-Code Phishing at Scale

Defender for Office 365 has implemented heuristic rules to block malicious messages. This has resulted in blocking about 1.5 million QR code phishing attempts per day in recent months.

Recommendations for Protection

Users are advised to exercise caution when scanning QR codes from unknown sources and always verify the legitimacy of the email and its content. In addition, it is important to regularly review organizational policy configuration settings and manage and monitor mail flow rules.


This blog highlights the critical importance of awareness and proactive security measures against the growing threat of QR code phishing.
