Getty Images
Congratulations, you’ve been selected to participate in our latest phishing campaign! We’re proud to announce that we have released an innovative new approach: image-based junk emails embedded with fancy-schmancy QR codes. Our goal is simple – bypass security protections and provide customization for maximum fooling of recipients!
We know what you’re thinking – “But how will I ever fall for such obvious trickery?” Well, let us tell you, it’s easier than stealing candy from a baby (which we also do on occasion). You see, these emails come from compromised email addresses within your own organization which provides them authenticity like no other. And don’t worry about pesky text getting in the way; there’s none here! Just attached images so they can escape notice by those silly security programs analyzing words sent via email.
The best part? The images embed nifty little QR codes leading straight to credential-harvesting sites where passwords are captured and sent right back into our loving arms. It doesn’t get any better than that folks!

Inky
We call this approach “spray and pray” because we send these emails to as many people as possible, hoping that the majority will fall for our ruse. And trust us when we say it works like magic! We’ve successfully targeted multiple industries in both the US and Australia including nonprofits, wealth management firms (because who doesn’t love money?), management consultants, land surveyors (yes even them), flooring companies – you name it!
“It’s important to note that these three QR Code phishing emails weren’t sent to just a handful of INKY customers. They were part of a “spray and pray” approach.”
If all else fails though don’t worry; there are still some countermeasures available:
- Seek confirmation from out-of-band means other than through an email channel – but where’s the fun in that?
- Carefully inspect sender addresses before clicking on anything – unless they’re one letter off or something then go ahead click away!
- Click on body text only if words can be copied/pasted otherwise remain suspicious AF.
You may think falling prey to such obvious trickery is reserved for those less attentive individuals among us but studies show phising attacks are among the most effective and cost-effective means for carrying out network intrusions. With 3.4 billion spam emails sent every day, according to AGG IT Services (who knew they were still around?), one in four people reporting that they have clicked on a phishing email at work, according to Tessian – it’s clear we’re doing something right!
So don’t be shy! Click away my friends – your passwords will thank you later.
Getty Images
Congratulations, you’ve been selected to participate in our latest phishing campaign! We’re proud to announce that we have released an innovative new approach: image-based junk emails embedded with fancy-schmancy QR codes. Our goal is simple – bypass security protections and provide customization for maximum fooling of recipients!
We know what you’re thinking – “But how will I ever fall for such obvious trickery?” Well, let us tell you, it’s easier than stealing candy from a baby (which we also do on occasion). You see, these emails come from compromised email addresses within your own organization which provides them authenticity like no other. And don’t worry about pesky text getting in the way; there’s none here! Just attached images so they can escape notice by those silly security programs analyzing words sent via email.
The best part? The images embed nifty little QR codes leading straight to credential-harvesting sites where passwords are captured and sent right back into our loving arms. It doesn’t get any better than that folks!

Inky
We call this approach “spray and pray” because we send these emails to as many people as possible, hoping that the majority will fall for our ruse. And trust us when we say it works like magic! We’ve successfully targeted multiple industries in both the US and Australia including nonprofits, wealth management firms (because who doesn’t love money?), management consultants, land surveyors (yes even them), flooring companies – you name it!
“It’s important to note that these three QR Code phishing emails weren’t sent to just a handful of INKY customers. They were part of a “spray and pray” approach.”
If all else fails though don’t worry; there are still some countermeasures available:
- Seek confirmation from out-of-band means other than through an email channel – but where’s the fun in that?
- Carefully inspect sender addresses before clicking on anything – unless they’re one letter off or something then go ahead click away!
- Click on body text only if words can be copied/pasted otherwise remain suspicious AF.
You may think falling prey to such obvious trickery is reserved for those less attentive individuals among us but studies show phising attacks are among the most effective and cost-effective means for carrying out network intrusions. With 3.4 billion spam emails sent every day, according to AGG IT Services (who knew they were still around?), one in four people reporting that they have clicked on a phishing email at work, according to Tessian – it’s clear we’re doing something right!
So don’t be shy! Click away my friends – your passwords will thank you later.