Researchers have observed an attacker using a technique they hadn't previously seen to attempt to sneak phishing emails past enterprise security filters.
Abnormal Security, which reported the campaign this week, says between Sept. 15 and Oct. 13 it detected and blocked some 200 emails that contained a QR code — instead of the usual malicious attachment or URL link — to try and drive users to a phishing website.