QR code email scam targets employee reviews

We received an email that looks like an official HR notice about a performance review. It mentions pay updates, benefits and a deadline. There is also a QR code to access your file.

Sign up for my FREE CyberGuy Report

This email is built to feel routine and urgent at the same time. Take a closer look, and the red flags start to add up.

The message shows "CyberGuy" as the sender. The actual email address is mario@toituresphenix.com. That domain has nothing to do with the brand it claims to represent. This is one of the biggest warning signs. Legitimate companies send HR notices from their own domain. If the domain looks unrelated, treat it as suspicious right away. 

The email says you must act by May 15, 2026. Deadlines push people to react fast. Scammers rely on that pressure, so you skip basic checks. Real HR systems do use deadlines. The difference is how they deliver them. They do not rely on a random email with a QR code.

Why it matters:

Most companies will send a direct link or ask you to log in through a known portal. They do not force QR-only access for something as sensitive as compensation details.

The email starts with "Dear Techtips." It looks like a mailing list or placeholder. Legitimate HR messages usually address you by your full name. They often include employee-specific details that scammers cannot easily fake.

The email mentions a "secure HR access system" but never names it. There is no recognizable platform like Workday or ADP. That vagueness is intentional. It avoids giving you something you can verify.

The message is marked as high importance. That visual cue pushes urgency again. Scammers stack these signals so you feel like you cannot ignore the message.

Instead of telling you to log into your HR portal, the email asks you to scan and access a file directly. That isn't how sensitive employee data is handled. Companies want you inside a secure login system, not opening a file from a QR code.

They embed malicious links inside codes so you cannot preview them easily. Once you scan, you may land on a fake login page that looks real. From there, it is a quick path to stolen credentials.

These scams rely on speed and distraction. Slow things down, and a few simple checks can protect your data.

If an email pushes you to scan a code, pause. Go to the official website yourself instead of using the code. 

Look past the display name. Verify the full email address. If it does not match the company, do not trust it.

Access HR systems by typing the URL you already know or using a saved bookmark. Avoid links and codes in emails.

Messages that avoid your real name should raise suspicion. That is often a sign of mass phishing.

If something feels off, ask your HR team directly. Use a known contact method, not the one in the email.

Strong antivirus software can block malicious links, flag phishing pages and stop malware before it installs. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com

Scammers often use personal data found online to make emails feel more convincing. A data removal service can reduce your exposure by removing your information from broker sites. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com 

Security updates patch known vulnerabilities. Turn on automatic updates so you are always protected.

Phishing emails keep evolving. Today, it is a QR code tied to a fake HR notice. Tomorrow, it could be something else that feels just as routine. The safest thing to do is simple. Do not trust the path an email gives you when sensitive information is involved. Use your own path instead.

If a message asks you to act fast with a QR code, would you stop and verify it first or trust it because it looks familiar? Let us know by writing to us at Cyberguy.com

Sign up for my FREE CyberGuy Report

Copyright 2026 CyberGuy.com.  All rights reserved.