A QRazy clever scam.

A QRazy clever scam.

From Research Saturday by N2K Networks

April 25, 2026 · 19 min · Season 10 · Episode 422

About this episode

This episode discusses a large-scale phishing campaign using QR codes that bypassed traditional email security measures.

This week, we are joined by Juliana Testa, Senior Security Engineer from 7AI, sharing their work on "Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter." A large-scale “quishing” campaign used QR codes embedded in image attachments to hide phishing URLs, allowing 28 out of 33 emails to bypass SPF, DKIM, DMARC, and Microsoft Defender and land directly in inboxes. Each recipient received a unique QR code and tracking ID, defeating traditional detection methods and enabling attackers to scale the campaign to over 1.6 million emails across multiple organizations while shifting execution to less-secure mobile devices. The attack was ultimately uncovered through AI-driven alerting combined with human analysis and threat hunting, highlighting a major blind spot in email security and the need for QR code inspection, mobile protections, and tighter auto-reply controls. The research and executive brief can be found here: Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter. Learn more about your ad choices. Visit megaphone.fm/adchoices

People in this episode

Guest: Juliana Testa

Topics covered

  • QR codes
  • phishing
  • email security
  • AI-driven alerting
  • mobile device security

Keywords

  • quishing
  • phishing campaign
  • QR code
  • email security
  • AI alerting
  • mobile security
  • threat hunting

Mentioned in this episode

Organizations: 7AI, Microsoft Defender

Books & works: Quish Splash - When the QR Code Is the Weapon: A Multi-Wave Phishing Campaign That Slipped Past Every Filter

More episodes of Research Saturday

Explore listener stats, chart rankings, contacts and more on the Research Saturday podcast page.