Threat command center

Triage before you trust

This page is intentionally staged. Choose a threat, then move through Observe, Verify, Contain, and Report in order.

Trust model

Verify before action

Evidence rule

Capture first, clean up second

Escalation rule

Official channel only

QR-code spearphishing in email

Threat actors are embedding QR codes in phishing emails to bypass link filters and push users into credential-harvesting pages.

Latest advisory

FBI Cyber Alert published January 8, 2026

Impact

Credential theft and mailbox/account takeover

Action window

Before scan

Guided response stages

Stage 1: Observe

Pause and inspect before interacting with the message.

  1. 1. Check sender domain and compare it to known sender patterns.
  2. 2. Look for urgency language, account-lock pressure, or MFA reset pressure.
  3. 3. Treat embedded QR images as equivalent to unknown links.
avoid: Do not scan unknown QR codes from email.
avoid: Do not enter credentials after scanning unless destination was independently verified.
avoid: Do not forward suspicious messages without context to colleagues.
Source: FBI: QR codes used in spearphishing
next: run exposure auditincident already active? open first-hour response

Guided journey

Step 2 of 9: Threats