Cybersecurity threats continue to evolve as attackers develop new ways to bypass detection systems. In its latest findings, Kaspersky has identified a rising phishing technique involving QR codes constructed entirely from text characters, rather than traditional image-based formats.
This emerging method represents a significant challenge for email security systems that rely on image scanning or link detection technologies.
Rise of QR Code-Based Phishing
QR codes embedded in emails have long been associated with phishing campaigns. During the second half of 2025, Kaspersky detected a fivefold increase in QR phishing attacks, highlighting their growing use among cybercriminals.
Typically, these attacks rely on image-based QR codes that redirect users to fraudulent websites designed to steal sensitive data such as login credentials or corporate information.
However, the latest evolution shifts away from images entirely.
ASCII QR Codes: A New Evasion Technique
Researchers have now uncovered a new tactic where attackers create QR codes using ASCII (American Standard Code for Information Interchange) characters instead of images.
ASCII graphics date back to early computing systems in the 1960s, where images were formed using text symbols due to the lack of graphical capabilities. This method was later replaced by modern image rendering but has resurfaced in a malicious context.
By constructing QR codes through text characters, attackers can bypass many security solutions that scan image files for embedded malicious links.
Phishing Scenario and Attack Flow
The attack typically begins with an email appearing to come from a trusted business partner. The message often claims to include a confidential document requiring signature through platforms such as DocuSign.
Recipients are instructed to scan a QR code displayed within the email. However, instead of leading to a legitimate service, the QR code redirects users to a fake website requesting corporate credentials.
Because the QR code is rendered using text-based ASCII art, many security systems fail to detect any embedded malicious links.
Expert Warning from Kaspersky
Cybersecurity experts emphasize that this technique is designed specifically to bypass existing defenses.
A security specialist at Kaspersky noted that attackers are now shifting between image-based and text-based evasion techniques depending on what detection systems are targeting at the time.
He warned that any QR code requesting corporate credentials on a mobile device should be treated with suspicion, especially when presented in unusual formats such as ASCII text.
Recommended Security Measures
To mitigate this evolving threat, organizations are advised to strengthen their email protection infrastructure.
Solutions such as Kaspersky Security for Mail Server can help detect and block phishing attempts, spam, business email compromise (BEC), and QR code-based attacks.
Companies are also encouraged to train employees to recognize suspicious QR codes and avoid scanning them unless their authenticity is verified through secure channels.
