Researchers discovered a new phishing campaign that abuses QR codes to redirect targets to phishing landing pages, effectively circumventing security solutions and controls designed to stop such attacks in their tracks. The phishing emails were camouflage as a SharePoint email with a “Review Important Document”” subject line and a message body which would invite potential victims “”Scan Bar Code To View Document”” The crooks added a GIF image containing the QR code which would redirect them to the hxxps://digitizeyourart.whitmers[.]com/WP/Sharepoint/sharepoint/index.php.”
Source: https://www.bleepingcomputer.com/news/security/phishing-security-controls-fully-bypassed-using-qr-codes/