Large-Scale QR Code Phishing Campaign "Quish Splash" Uncovered by 7AI

Cybersecurity firm 7AI uncovered a large-scale QR code phishing campaign dubbed "Quish Splash," which bypassed email security protocols SPF, DKIM, and DMARC to target approximately 1.6 million users. The attack leveraged malicious QR codes embedded in emails to evade detection, though no specific threat actor or attribution to "Baron Lester" was confirmed in the findings. No exact dates or geographic targeting were disclosed, but the campaign highlights a growing trend in QR-based phishing tactics. The phishing emails successfully evaded traditional security measures, increasing the risk of credential theft or malware delivery. Technical details on the evasion techniques or payloads were not provided beyond the protocol bypass. The impact includes potential unauthorized access to sensitive data due to the campaign's scale.