A recent malicious email campaign has been seen using an attack where the bad actor uses a QR code in the email instead of a link. If you get an email that asks you to go to a website using a code, be overly cautious. I would recommend never to scan a QR code from an email. Rather than scanning the code, go to the vendor’s URL by typing it in your browser and navigating manually.
As we move into the holiday season, the most likely tactic for this type of email will be related to shipping notifications.
Stay Vigilant and Be Aware!
Daniel Weatherly, CISSP