HomeEverythingEducation
Equities & FundsCrypto & Digital AssetsAI & TechnologyBusiness & CorporateUS Politics & PolicyGeopolitics & Global RiskMacro, Rates & FXCommodities & EnergyEuropean Politics & MarketsAsia-PacificReal Estate & Property
Story archiveAll categories
← All Stories

QR code email scam targets employee reviews

Created at 31 May · 3:23 PM1 source↑ Market-relevant
IN SHORT

A phishing scam uses QR codes in fake HR emails to steal employee credentials. The emails mimic official notices about performance reviews and pay, urging recipients to scan a code to access their files. This tactic, known as 'quishing,' exploits familiarity with QR codes to trick users into visiting malicious sites.

✉Newsletter

PiQ Daily

Pick your topics. Get only what matters, on your cadence.

Key Numbers

May 15, 2026Scam email deadline

Who's Involved

CyberGuy
Information source on cybersecurity scams
FBI
Issued a warning about QR code scams

↳ Why This Matters

This phishing scam, termed 'quishing,' leverages QR codes to bypass traditional link verification, making it harder for users to detect malicious intent. By mimicking official HR communications and creating a sense of urgency, scammers aim to steal employee login credentials, which can then be used to access company systems or personal data.

Key facts

  • Phishing emails are using QR codes to target employee performance reviews.
  • The scam emails appear to be official HR notices regarding pay and benefits.
  • Recipients are prompted to scan a QR code to access their appraisal files.
  • The sender's email address ([email protected]) is unrelated to the claimed company.
  • The emails use urgency tactics like deadlines and high importance markings.
  • Legitimate HR communications typically use direct links or known company portals, not QR codes for sensitive data.

This phishing scam, termed 'quishing,' leverages QR codes to bypass traditional link verification, making it harder for users to detect malicious intent. By mimicking official HR communications and creating a sense of urgency, scammers aim to steal employee login credentials, which can then be used to access company systems or personal data.

Frequently asked questions

Quishing is a phishing tactic that uses QR codes to embed malicious links or information, aiming to trick recipients into revealing sensitive data.

QR codes are used because they are familiar and widely accepted, which lowers users' guard. They also make it harder to preview the destination link before scanning.

Verify the sender's email address, avoid clicking links or scanning QR codes in suspicious emails, and always access sensitive systems through official, known channels.

Do not click any links or scan any QR codes. Contact your HR department directly using a known phone number or email address to verify the communication.

What Happens Next

01Users should verify suspicious emails by contacting HR directly through known channels.
02Access HR systems via known URLs or bookmarks, not links or QR codes from emails.
03Install and maintain strong antivirus software with malicious link blocking.
04Enable two-factor authentication (2FA) for enhanced account security.

Get the newsletter.

Pick the topics you actually care about. We'll email when there's news worth your time, on the cadence you choose. Cancel any time from your account.

Cadence

How It Developed

31 May · 3:02 PM
A phishing scam uses QR codes in fake HR emails to steal employee information, impersonating internal HR offices.
Fox News via PiQSuite

Sources

T1
QR code email scam targets employee reviewsm.piqsuite.com

Related Stories

AssuranceAmerica Data Breach Exposes Millions of Driver's Licenses
8 Jul · 4:35 PM
World Cup marred by AI-generated racist misinformation
8 Jul · 2:55 PM
Google's SynthID debunks AI-generated Mitch McConnell hoax image
8 Jul · 8:45 PM
Elon Musk's Grok 4.5 Launched, Priced Aggressively Against Competitors
8 Jul · 10:30 PM
Waymo robotaxi stops, alerts police to teens drinking and firing gel beads
8 Jul · 3:46 PM