A new HP survey has revealed an uptick in QR code phishing campaigns that trick users into scanning QR codes from their PCs using their mobile devices. 

HP Inc. which released its latest quarterly HP Wolf Security Threat Insights Report, shows increasing diversification of attack methods being used by hackers. 

According to the report, there has been a surge in QR code phishing campaigns that trick users into scanning QR codes from their PCs using their mobile devices, directing them to malicious websites asking for credit and debit card details. 

The report reveals a 38% rise in malicious PDF attachments and a 20% increase in the popularity of archive files, such as ZIP, RAR, and IMG, which are being used by threat actors to run their payloads.

Since February 2022, when Microsoft began blocking macros in Office files by default, attackers have been forced to look for new ways to breach devices and steal data. 

The HP Threat Research team, the tech company says, has identified the latest techniques being used by cybercriminals through the analysis of data from millions of endpoints running HP Wolf Security.

Alex Holland, Senior Malware Analyst at HP Wolf Security, says that “when one door closes another opens – as shown by the rise in scan scams, malvertising, archives, and PDF malware.” He asked users to be vigilant when receiving emails or websites that ask to scan QR codes and to look out for PDF files linking to password-protected archives.

The report also found that organisations should deploy strong isolation to contain the most common attack vectors like email, web browsing, and downloads. 

By combining this with credential protection solutions that warn or prevent users from entering sensitive details onto suspicious sites can greatly reduce the attack surface and improve an organisation’s security posture, HP says.

HP Wolf Security runs risky tasks like opening email attachments, downloading files, and clicking links in isolated micro-virtual machines (micro-VMs) to protect users, capturing detailed traces of attempted infections.