FBI warns that QR code phishing is used in North Korean cyber espionage

The Federal Bureau of Investigation has issued a warning about a growing cyber threat that turns everyday QR codes into espionage tools.

A hacking group sponsored by the North Korean government is using a tactic known as quishing to attack people in the United States, according to the office.

The objective is simple. Trick you into scanning a QR code that sends you to a malicious website. From there, attackers can steal login credentials, install malware, or silently collect device data.

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

WHATSAPP WEB MALWARE AUTOMATICALLY SPREADS THE BANKING TROJAN

What is quishing and why it works

quishing is short for QR code phishing. Instead of clicking on a suspicious link in an email, the victim scans a QR code that hides the real destination. QR codes themselves are harmless. The danger lies in the bond embedded within. Once scanned, the link may redirect users to fake login pages, malware downloads, or tracking sites. Because QR codes are familiar and fast, many people scan them without a second thought. That split second of trust is exactly what attackers rely on.

Who is behind the attacks?

The FBI says the activity is linked to a hacking group known as Kimsuky. The group has operated for years as a cyberespionage arm for North Korea. What is new is the delivery method. According to the FBI, QR code-based attacks began in May 2025. In one example, attackers posed as foreign policy advisors and sent an email to the leader of a think tank with a QR code linked to a fake questionnaire. By scanning the code, the victim was sent to a malicious site designed to collect information.

What happens after scanning the QR code?

Once a victim reaches one of these sites, several things can happen. Some pages ask users to download files that contain malware. Others mimic mobile login portals for popular services like Okta, Microsoft 365, or VPN services. Even if no form is filled out, the site may still collect device details. That includes IP address, operating system, browser type, and approximate location. Over time, that data helps attackers create intelligence profiles about their targets.

Why QR code phishing attacks are highly targeted

The FBI describes these campaigns as phishing rather than mass spam. That means the emails are designed for specific people. Language context and sender details are designed to appear relevant and credible. When an email seems personal, people are more likely to trust it. That’s why these attacks are especially dangerous for professionals, researchers, executives, and anyone who works in politics or technology.

Why QR code phishing threats are increasing

QR codes are everywhere now. Restaurants, parking meters, event tickets, and advertisements depend on them. As its use grows, so does the potential for abuse. Attackers know that people are conditioned to scan without hesitation. That makes caution more important than ever.

Ways to stay safe from QR code phishing

The FBI says one of the best defenses against quishing is slowing down. QR codes remove the visual cues that people rely on, so a few extra checks can make a big difference.

1) Be careful with unexpected QR codes

Treat QR codes like links in emails. If you didn’t expect it, don’t scan it. QR codes sent via email, text messages, or messaging apps are a common entry point for quishing attacks. Criminals rely on curiosity and urgency to force you to scan without thinking.

2) Check the source before scanning

Always confirm who sent the QR code. If a message claims to come from a coworker, vendor, or organization, communicate through a separate channel before scanning. A quick call or direct message can stop a phishing attempt.

SCAMS INCREASE IN JANUARY: WHY FRAUD SPREADS AT THE BEGINNING OF THE YEAR

3) Never enter login details after scanning a QR code

QR code phishing often leads to fake mobile login pages. Attackers mimic the login screens of email, VPN, and cloud services to steal usernames and passwords. If a QR code takes you to a login page, close it and visit the site manually.

4) Carefully inspect the website URL.

Once a QR code opens a page, check the address bar. Look for misspellings, extra words, or unknown domain endings. A strange URL is usually the only warning sign that the site is malicious.

5) Use strong antivirus software for QR-based threats

Powerful antivirus software adds an extra layer of protection against quishing. Security tools can block known phishing sites, stop malicious downloads, and warn you before harmful pages load. This is especially important on mobile devices, where QR codes are scanned more frequently.

The best way to protect yourself from malicious links that install malware and potentially access your private information is to have powerful antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.

Get my picks for the best antivirus protection 2026 winners for your Windows, Mac, Android and iOS devices at Cyberguy.com.

6) Use a data deletion service to limit exposure.

Some quishing sites collect device and location data even if you do nothing. A data deletion service helps reduce the amount of personal information publicly available online. That makes it harder for attackers to target you with convincing phishing emails that include QR codes.

While no service can guarantee complete removal of your data from the Internet, a data deletion service is truly a smart choice. They are not cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically deleting your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to delete your personal data from the Internet. By limiting the information available, you reduce the risk of scammers cross-referencing leak data with information they can find on the dark web, making it harder for them to target you.

Check out my top picks for data deletion services and get a free scan to find out if your personal information is already available on the website by visiting Cyberguy.com.

Get a free scan to find out if your personal information is already available on the web: Cyberguy.com.

7) Avoid QR Code Downloads Completely

Don’t download files from QR code links unless you are absolutely sure they are safe. Malware distributed via QR codes can silently install spyware or remote access tools without obvious warning signs.

INSTAGRAM PASSWORD RESET BOOST: PROTECT YOUR ACCOUNT

Kurt’s Key Takeaways

QR codes are convenient, but convenience can lower your defenses. As this FBI warning shows, attackers are evolving and using familiar tools in dangerous ways. A moment of verification can prevent weeks or months of damage.

When was the last time you stopped to question a QR code before scanning it? Let us know by writing to us at Cyberguy.com.

CLICK HERE TO DOWNLOAD THE News APP

Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered right to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.

Copyright 2026 CyberGuy.com. All rights reserved.