QR Code Phishing Campaign Targets 1.6 Million Users, Bypasses Email‑Auth Controls
What Happened — 7AI research uncovered a massive QR‑code phishing operation that delivered malicious links to roughly 1.6 million email recipients. The campaign successfully evaded standard email‑authentication checks (SPF, DKIM, and DMARC), allowing the payload to reach inboxes unchecked.
Why It Matters for TPRM —
- Email‑auth failures expose third‑party data flows to credential harvesting.
- QR‑code phishing adds a visual‑social engineering layer that many traditional filters miss.
- A breach of a supplier’s credentials can cascade into supply‑chain compromise.
Who Is Affected — Financial services, healthcare, technology SaaS, education, and any organization that relies on email for vendor communication.
Recommended Actions —
- Verify that all third‑party email domains enforce strict SPF/DKIM/DMARC policies and monitor for alignment failures.
- Deploy advanced phishing‑detection solutions that inspect QR‑code payloads and URL reputation.
- Conduct user‑awareness training focused on QR‑code phishing and suspicious link verification.
- Review contracts for email‑security service level agreements (SLAs) with critical vendors.
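One way to carry out the first recommended action, shown as an added example that is not from the report or from 7AI: an audit of vendor SPF and DMARC TXT records for weak enforcement. The vendor domains and records are constructed samples and the function names are hypothetical; in practice the records would come from TXT lookups of the domain and of `_dmarc.<domain>`.

```python
# Added example. Domains and records are constructed samples.
VENDORS = {
    "vendor-a.example": ("v=spf1 include:_spf.vendor-a.example -all",
                         "v=DMARC1; p=reject; rua=mailto:dmarc@vendor-a.example"),
    "vendor-b.example": ("v=spf1 ip4:192.0.2.0/24 ~all", "v=DMARC1; p=none; pct=50"),
    "vendor-c.example": ("v=spf1 mx -all", None),  # no DMARC record
}

def parse_tags(record):
    """Split a 'k=v; k=v' DMARC record into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_dmarc(record):
    """Findings for one DMARC TXT record; None means nothing is published."""
    if not record or not record.strip().lower().startswith("v=dmarc1"):
        return ["no DMARC record published"]
    tags, findings = parse_tags(record), []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'} does not enforce")
    elif tags.get("sp", policy).lower() == "none":
        findings.append("sp=none leaves subdomains unenforced")
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("no rua address, so alignment failures go unreported")
    return findings

def audit_spf(record):
    """Findings for one SPF TXT record, judged by its first 'all' mechanism."""
    if not record or not record.strip().lower().startswith("v=spf1"):
        return ["no SPF record published"]
    terms = record.lower().split()[1:]
    alls = [t for t in terms if t.lstrip("+-~?") == "all"]
    if not alls:
        return ["no 'all' mechanism; review any redirect= target separately"]
    if alls[0] != "-all":
        return [f"'{alls[0]}' does not hard-fail unlisted senders"]
    return []

def audit_vendors(vendors):
    """Map each vendor domain to its combined SPF and DMARC findings."""
    return {d: audit_spf(spf) + audit_dmarc(dmarc) for d, (spf, dmarc) in vendors.items()}

if __name__ == "__main__":
    for domain, findings in audit_vendors(VENDORS).items():
        print(domain, "OK" if not findings else "; ".join(findings))
```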
Technical Notes — Attack vector: QR‑code phishing embedded in email bodies; bypass technique: manipulation of SPF/DKIM/DMARC headers to appear legitimate; data types at risk: login credentials, personally identifiable information, and downstream corporate data.
Source: HackRead