A procurement employee received an email titled "Important Update to Your Salary and Compensation Structure." There was nothing to click. The body was blank. The only thing in the message was a Word document called Revised_Pay_Structure_Notice.docx.
Open it, and the page reads like an HR memo. It greets the employee by full name, references the next payroll cycle, and promises "updated compensation details." To see them, you scan a QR code printed at the bottom of the page.
That QR code is the entire attack. It decodes to a credential-harvesting site that no inline scanner in the delivery path ever inspected, because the link was never text. It was a picture inside an attachment. This is quishing, QR code phishing, and the design of this sample is a clean illustration of why it keeps working.
Quishing replaces a clickable URL with a QR (Quick Response) code, a square barcode a phone camera reads. The technique exists for one reason: to put the malicious destination somewhere automated defenses do not look.
Email security tools parse links. They extract every anchor tag and bare URL from the message body, rewrite them, and check them against reputation engines and sandboxes. A QR code defeats that entire pipeline because there is no URL in the body to extract. The destination is encoded in pixels inside an image, and that image was nested inside an Office document. Two layers of indirection, and the link inspection that protects most inboxes had nothing to read.
The second half of the gap is the device. A QR code is meant to be scanned with a phone. The moment the recipient lifts a personal handset to the screen, the web request leaves the corporate network, the secure web gateway, and any inline proxy. The destination loads over the phone's own connection, off the scanner path entirely. In MITRE ATT&CK terms this is Phishing: Spearphishing Attachment (T1566.001) used to deliver what is functionally a Spearphishing Link (T1566.002), and the combination is what makes it slippery.
Here is the part that should reassure you and then worry you in the same breath. Every authentication check on this message failed.
SPF (Sender Policy Framework, which checks whether the connecting server is authorized to send for the envelope-sender domain) returned a hard fail: the connecting IP was not on the permitted list for the organization's domain. DKIM (DomainKeys Identified Mail, a cryptographic signature over the message) was absent entirely. DMARC (Domain-based Message Authentication, Reporting and Conformance, which requires SPF or DKIM to pass and align with the visible From domain) failed with no aligned signal. Microsoft's composite authentication verdict (compauth) was a flat failure.
The sender address was the recipient's own address. From and To were identical, an external party using an internal-looking identity to mail the organization as if from inside it, the pattern often called Direct Send abuse. None of it authenticated, and the message still landed in four mailboxes carrying the follow-up subject "Important: Updated Compensation Details Now Available."
What carried it past human suspicion was personalization. The document named the recipient, cited the exact email address, set an effective date on the next payroll cycle, and branded itself as a memo from a manufacturing organization's HR department. The Verizon 2026 Data Breach Investigations Report attributes 62% of breaches to the human element and 16% of initial access to phishing, with stolen credentials behind 39% of breaches. Specificity is the lever. When a lure addresses you by name and references your pay, the failed SPF record is not what you are thinking about.
The attachment was a 43,915-byte DOCX. There were no macros, so signature engines hunting for VBA found nothing. The malicious content was an embedded PNG that contained a QR code, and decoding it produced the destination.
The target domain sits on an uncommon top-level domain, and its hostname is a long string of brand-like tokens concatenated together, a construction with no legitimate purpose. There was no public WHOIS record and no reputation history. The decoded URL carried the recipient's email address in its fragment, a prefill-and-track technique common to credential-harvesting landing pages. Because a browser never sends the fragment to the server, that address does not show up in request logs or on a proxy; the landing page's own client-side script reads it to prefill the login form.
The message itself originated from an ISP-assigned host in Europe whose reverse DNS pointed to a residential or commercial customer line, not a verified mail gateway. A legitimate payroll system does not send from an arbitrary ISP customer IP.
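To make the attachment-side triage in the three paragraphs above concrete, here is an added Python example; it is not code from the original post or from IRONSCALES. It opens a DOCX as the zip archive it is, checks for a VBA project, enumerates embedded media, confirms the document text carries no URL, and then scores the string a QR decoder returns. The DOCX and its PNG are constructed placeholders (the PNG is not a real QR code, so the pixel decoding itself, which you would do with a library such as pyzbar, sits outside the example and only its output is analyzed). The victim address in the fragment is a placeholder, and the common-TLD list and the length threshold are assumptions, not the vendor's logic.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

# Defanged IOC from the indicator table; the address in the fragment is a
# constructed placeholder standing in for the real recipient.
DECODED_QR_URL = (
    "hxxps://globalthalescetcavionicscoltdit[.]weststrionvde[.]vu#victim@example.com"
)

# Assumption: a short allow-list of TLDs that we do not treat as unusual on their own.
COMMON_TLDS = {"com", "net", "org", "io", "co", "uk", "de", "fr", "edu", "gov"}
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
URL_RE = re.compile(r"https?://\S+", re.I)


def refang(ioc: str) -> str:
    """Undo the hxxp / [.] defanging used in the indicator table so urlsplit can parse it."""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def build_sample_docx() -> bytes:
    """Constructed stand-in for the attachment: a minimal OOXML zip with one
    embedded PNG and no vbaProject.bin. The PNG bytes are a placeholder, not a QR code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr(
            "word/document.xml",
            "<w:document><w:body><w:p>Revised Pay Structure Notice</w:p></w:body></w:document>",
        )
        z.writestr("word/media/image1.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    return buf.getvalue()


def triage_docx(data: bytes) -> dict:
    """Walk the OOXML package: macro presence, embedded media, URLs in the text body.
    A document with no macros, no text URL and an embedded image is exactly the
    shape a link scanner has nothing to read from."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        has_macros = any(n.lower().endswith("vbaproject.bin") for n in names)
        images = [n for n in names if n.startswith("word/media/")]
        body = z.read("word/document.xml").decode("utf-8", "replace")
    return {
        "has_macros": has_macros,
        "images": images,
        "text_urls": URL_RE.findall(body),
        "needs_image_decode": bool(images) and not URL_RE.search(body),
    }


def analyze_qr_url(decoded: str) -> dict:
    """Score the string a QR decoder returned. Thresholds are assumptions."""
    parts = urlsplit(refang(decoded))
    host = parts.hostname or ""
    labels = host.split(".")
    tld = labels[-1] if labels else ""
    # The leftmost label only counts as a "brand token pile-up" when it is long
    # and has no separators; 20 characters is an assumed cut-off.
    leftmost = labels[0] if len(labels) > 2 else ""
    signals = {
        "uncommon_tld": tld not in COMMON_TLDS,
        "long_concatenated_label": len(leftmost) >= 20 and "-" not in leftmost,
        # Fragments never reach the server, so only the page's JS can read this.
        "email_in_fragment": bool(EMAIL_RE.search(parts.fragment)),
        "email_in_query": bool(EMAIL_RE.search(parts.query)),
    }
    score = sum(signals.values())
    return {"host": host, "tld": tld, "signals": signals, "score": score,
            "suspicious": score >= 2}


if __name__ == "__main__":
    print(triage_docx(build_sample_docx()))
    print(analyze_qr_url(DECODED_QR_URL))
```

The point of `needs_image_decode` is the hand-off: when a document has embedded media and no textual URL, the only way to learn the destination is to decode the image, which is the step the inline scanner in this case never took.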
Layered detection that reads the document rather than just the message body is what catches this. An engine that decodes embedded QR codes, evaluates the resulting destination, and weighs behavioral context such as a self-addressed message with failing authentication can flag the attack the inline link scanner could not. Themis, the agentic AI SOC analyst, classified this sample as credential theft and a QR code attack at high confidence on exactly those combined signals.
A SEG (secure email gateway, the legacy perimeter filter many organizations still front their mail with) is built around the link and content patterns of a decade ago. Independent figures bear out the gap: CISA and the FBI IC3 2024 report both track phishing as the dominant reported attack type, and the Microsoft Digital Defense Report 2024 documents the steady shift toward image-based and QR-delivered lures. Across the IRONSCALES customer base, SEGs miss an average of 67.5 advanced threats per 100 mailboxes each month.
All indicators are defanged. Do not interact with them.
| Type | Indicator | Context |
|---|---|---|
| URL | hxxps://globalthalescetcavionicscoltdit[.]weststrionvde[.]vu#[recipient-email] | QR-decoded credential-harvest destination; fragment prefilled with victim email |
| Domain | weststrionvde[.]vu | Hosting domain, uncommon TLD, no WHOIS or reputation history |
| IP | 91[.]244[.]70[.]64 | Originating IP; PTR customer[.]evolus-ix[.]com (ISP host, not a mail gateway) |
| Attachment | Revised_Pay_Structure_Notice.docx | 43,915-byte DOCX, no macros, embedded QR image (MD5 aded54d91f21ea3e69bdc20ceb13a3c9) |
| Technique | QR code in Office attachment | Malicious link delivered as an image inside a document to evade URL scanning |
Stop treating attachments as inert. The most important inspection surface in this attack was not the email body, it was the pixels inside a Word file. Detection that does not decode QR codes inside documents and follow them to their destination has a blind spot a payroll memo can drive through.
Pair that with context. Authentication failure plus a self-addressed message plus a QR-only payload is a strong composite signal even when each piece alone looks survivable. Behavioral and contextual analysis, QR code attack protection that reads inside attachments, credential harvesting protection, and user training that teaches people to distrust a QR code asking for pay details are the layers that close this gap. For the deeper mechanics of the technique, see our quishing glossary entry.
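The composite signal described above, as an added Python example that is not the original post's or IRONSCALES' detection logic: it parses a constructed message modeled on this sample (self-addressed, spf=fail, dkim=none, dmarc=fail, compauth=fail, blank body, one DOCX attachment), pulls the per-mechanism verdicts out of the Authentication-Results header, and combines them with the addressing and payload-shape signals. The attachment-side result (whether the decoded QR destination looked malicious) is passed in as a flag, since that analysis is a separate step. The addresses, the receiving server name, the attachment bytes and the scoring thresholds are all assumptions.

```python
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed message modeled on the sample: self-addressed, every authentication
# check failing, blank body, a single DOCX attachment. Addresses, the receiving
# server name and the attachment bytes are placeholders, not the real artifact.
SAMPLE_EML = """\
Authentication-Results: mx.example.com; spf=fail (sender IP is 203.0.113.10) smtp.mailfrom=example.com; dkim=none (message not signed); dmarc=fail action=oreject header.from=example.com; compauth=fail reason=000
From: procurement.user@example.com
To: procurement.user@example.com
Subject: Important Update to Your Salary and Compensation Structure
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"


--b1
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document; name="Revised_Pay_Structure_Notice.docx"
Content-Disposition: attachment; filename="Revised_Pay_Structure_Notice.docx"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--b1--
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc|compauth)=(\w+)", re.I)
URL_RE = re.compile(r"https?://\S+|\bwww\.\S+", re.I)
DOC_EXTENSIONS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pdf")


def parse_auth_results(msg: Message) -> dict:
    """Collapse every Authentication-Results header into {mechanism: verdict}."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        for mechanism, verdict in AUTH_RE.findall(header):
            verdicts[mechanism.lower()] = verdict.lower()
    return verdicts


def body_text(msg: Message) -> str:
    """Concatenate the inline text/html parts; attachments are excluded."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        if part.get_content_disposition() == "attachment":
            continue
        payload = part.get_payload(decode=True) or b""
        chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def attachment_names(msg: Message) -> list:
    return [p.get_filename() or "" for p in msg.walk()
            if p.get_content_disposition() == "attachment"]


def composite_verdict(raw_message: str, qr_url_suspicious: bool) -> dict:
    """Combine authentication, addressing and payload-shape signals into one verdict.
    qr_url_suspicious is the outcome of decoding and scoring the QR code inside the
    attachment, produced separately. The thresholds below are assumptions."""
    msg = message_from_string(raw_message)
    auth = parse_auth_results(msg)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {parseaddr(a)[1].lower() for a in msg.get("To", "").split(",")}
    text = body_text(msg)
    files = attachment_names(msg)
    signals = {
        "spf_fail": auth.get("spf") == "fail",
        "dkim_absent": auth.get("dkim") in (None, "none"),
        "dmarc_fail": auth.get("dmarc") == "fail",
        "compauth_fail": auth.get("compauth") == "fail",
        "self_addressed": bool(sender) and sender in recipients,
        "linkless_body": not URL_RE.search(text),
        "document_only_payload": bool(files) and not text.strip()
            and all(f.lower().endswith(DOC_EXTENSIONS) for f in files),
        "qr_url_suspicious": qr_url_suspicious,
    }
    score = sum(signals.values())
    if qr_url_suspicious and score >= 5:
        verdict = "credential_theft_qr"
    elif score >= 3:
        verdict = "suspicious"
    else:
        verdict = "benign"
    return {"auth": auth, "signals": signals, "score": score, "verdict": verdict}


if __name__ == "__main__":
    result = composite_verdict(SAMPLE_EML, qr_url_suspicious=True)
    for name, hit in result["signals"].items():
        print(f"{name:24} {'HIT' if hit else '-'}")
    print("score", result["score"], "verdict", result["verdict"])
```

Treat the thresholds as a starting point rather than a rule: an SPF fail on its own is routine for forwarded mail, and a self-addressed message on its own is not unusual, which is why the example only escalates to a credential-theft verdict when the authentication failures, the addressing anomaly and a malicious QR destination all line up.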
The link you cannot scan is still a link. It just made sure your scanner could not see it.
| Attack | What happened |
|---|---|
| The QR Code That Knew Your Email Address Before You Scanned It | A phishing PDF embeds a QR code with the recipient's email pre-encoded in base64. |
| The Contract QR Code That Knew Your Email Address Before You Scanned It | A malicious PDF disguised as a contract agreement contained a QR code with the recipient's email pre-encoded in a base64 URL fragment. |
| The DocuSign Template That Forgot to Replace 'Putyourlinkhere' | A DocuSign-themed phishing email left a template artifact ('Putyourlinkhere') in its HTML. |
| The Workplace Email That Passed Every Authentication Check and Hid Its Payload in a Shortened QR Link | A routine workplace email about saving uploaded items passed SPF, DKIM, DMARC, and composite authentication with a perfect score. |
| Cloning the Defender: How Attackers Weaponized IRONSCALES Branding Against a Security Company's Own Inbox | Attackers cloned IRONSCALES visual branding and routed it through a compromised Brazilian professional domain via Amazon SES. |