New data from Microsoft’s threat intelligence team shows that email phishing attacks are accelerating worldwide as attackers adopt increasingly stealthy techniques to evade detection. These trends present growing risks for Irish organisations and their employees, many of whom remain under-prepared as tactics rapidly evolve.
The key findings include:
8.3 billion – Microsoft detected 8.3 billion email-based phishing attempts globally in Q1 2026, reinforcing email as a primary entry point for cyberattacks.

QR code phishing is up by 146% – QR code-based phishing attacks surged by 146% over Q1?2026. Attackers embedded QR images in PDF attachments, accounting for 70% of QR phishing by March, to slip malicious links past traditional email filters.

Fake CAPTCHA scams were up by 125% – March 2026 saw a 125% jump in phishing emails gating malicious links behind fake “verify you’re human” CAPTCHA pages – nearly 11.9?million attacks that month, as criminals add fake security checks to trick users and bypass detection.
Credential theft – The vast majority of these email attacks (90%) aimed to steal user credentials rather than deliver malware, reflecting a shift by threat actors towards account compromise over payload-based attacks.

Phishing service disrupted – In early March, Microsoft’s Digital Crimes Unit disrupted the “Tycoon2FA” phishing-as-a-service platform, leading to an immediate 15% drop in that operation’s phishing activity for the rest of the month.

These global trends have clear implications for Ireland. Recent figures from Banking & Payments Federation Ireland’s FraudSMART programme show Irish SMEs lost nearly €19?million to email scams over the past two years, while more than half of those businesses had no dedicated fraud-awareness training for staff, highlighting a local preparedness gap as phishing tactics become more deceptive.

Kieran McCorry, national technology officer at Microsoft Ireland said: “As new tactics like QR-code scams and fake CAPTCHAs surge, it’s a wake-up call for organisations in Ireland to step up vigilance. Attackers are constantly refining their methods to trick even experienced employees, so questioning unexpected emails and having robust processes are essential now to protect credentials.”
On a related note, CyberGym, the large-scale AI security benchmark backed by UC Berkeley’s Center for Responsible, Decentralised Intelligence, just announced that Microsoft’s MDASH now tops the industry leaderboard, surpassingMythos. What’s most notable is the approach. MDASH is the first multi-model service CyberGym has included in the benchmark, and it now ranks at the top, ahead of single-model systems. You can read more about it here.
See more stories here.

More about Irish Tech News

Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.

You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news

If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.

Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.

You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.

Irish Tech News

Pin It on Pinterest