The paper trail you can’t see

A PDF arrives that looks perfect. Logo, kerning, vendor address. A neat “Pay now” QR square in the margin. You scan. You don’t “click.” You assume you’re safer. You’re not.

Document deepfakes and quishing are two halves of the same modern con. One fakes the content. The other hides the click. Together they turn routine paperwork into a silent detonator. And they target exactly the people who move money inside small companies: the founders, finance leads, office managers.

Let’s start with the paperwork itself. Financial institutions are already seeing forged IDs and doctored records that slip past onboarding checks. Treasury’s financial-crime arm wrote it plainly last year: “criminals have used GenAI to create falsified documents, photographs, and videos to circumvent…customer identification and verification” (FinCEN, 2024). The lesson carries over to small business back-offices. If an algorithm can mint a passable passport, it can pump out an invoice, bank statement, or W-9 that looks clean to human eyes and email filters alike.

Everyone You See Might Be Fake on Video Calls

Live deepfake calls blend faces, voices, and authority to move money. Arup’s loss shows founders must treat meetings as attack surfaces.

4FshSagger Khraishi

Accountants have been ringing the same bell. “Resourceful fraudsters can now use AI to create convincingly realistic documents and data such as invoices, contracts, reports, spreadsheets, and bank statements,” the Journal of Accountancy warned in May 2024 (Sang & Kniepmann, 2024). That’s not theoretical. The old Emotet crews were already weaponizing fake W-9 forms in the 2023 tax season to push malware through email attachments dressed up as IRS paperwork (Abrams, 2023).

But the sharper twist isn’t only the forgery. It’s delivery. HP’s Q1-2024 telemetry captured a pivot that matters for founders and SMBs: “11% of threats were PDF files, many of which did not contain malicious code but links to malware, enabling attackers to slip past email scanners” (HP Wolf Security, 2024, p. 8). The invoice looks routine. The PDF is technically “benign.” The trap is inside the link and now often, inside a QR code.

That’s quishing. Not a cute portmanteau. A gap in the fence. United States Postal Inspection Service defines it cleanly: “Quishing, short for QR code phishing, is an identity fraud scam utilizing QR codes” that drive you to spoofed pages to surrender credentials or payment details (USPIS, 2025). And the tactic isn’t just online. In July 2025, the FBI’s Internet Crime Complaint Center warned about unsolicited packages that arrive with a QR code meant to kick off a fraud flow: scan, land, lose (IC3, 2025).

Why QR codes? Because they drag the user to a phone, the soft underbelly of business security. Recorded Future’s Insikt Group put a fine point on it: threat actors are “increasingly using QR codes in phishing attacks…to capture two- and multi-factor authentication…credentials,” with a conspicuous tilt toward executive targets (Insikt Group, 2024). The investigator’s footnote is the operator’s playbook. Get the user off the corporate laptop. Get them onto a device with fewer controls. Step around the legacy filters that expect a blue underlined URL, not a 29×29 matrix of squares.

Inside inboxes, the pattern is steady and predictable. Abnormal Security’s analysis of the back half of 2023 found “C-Suite executives were 42 times more likely to receive QR code attacks than the average employee,” with lures clustered around MFA prompts and shared-document access (Abnormal Security, 2024). Quishing lures those leaders because their mailboxes are crowded, delegated, and decisive. One scanned square can mint a session token. One token can move money.

Outside the inbox, the numbers are real and recent. Action Fraud, the UK’s national fraud reporting center, logged 784 quishing reports between April 2024 and April 2025, with “almost £3.5 million lost” in that period (Action Fraud, 2025). The QR surface area is everywhere now: parking meters, menus, shipping labels, flyer walls. The FTC’s caution reads like common sense, but it matters: “A scammer’s QR code could take you to a spoofed site that looks real but isn’t” (Federal Trade Commission, 2023).

The Trojan Stack: Fake AI APIs and SDKs

Malicious AI-branded SDKs, fake APIs, and extensions are the new supply chain. How they steal tokens and hurt startups - and what to watch.

4FshSagger Khraishi

Put the two together and you get the modern invoice con. HP’s threat team watched “overdue invoice” lures pull users into HTML smuggling chains or redirectors before the real payload dropped; the company’s own plain-English summary sticks: “Invoice lures were the weapon of choice last quarter” (HP Inc., 2024). Now imagine the same lure with a QR. No link to hover. No URL to preview. No text to scan for typos. A “pay now” code that opens a perfect vendor portal look-alike on your phone, where you type credentials and rotate a code to “confirm.” That’s not a guess. Recorded Future ties a chunk of these QR attacks to MFA impersonation and adversary-in-the-middle kits popular on phishing-as-a-service platforms (Insikt Group, 2024).

For a solo founder or a 40-person firm, this isn’t an abstract CISOs-only problem. It’s a Tuesday. Vendors change bank accounts. New contractors request W-9s. Your point-of-sale vendor emails a service notice. Your delivery partner pings you about a missed payment. Each message comes with a file, which comes with a code, which comes with a decision.

Three tensions make this moment risky for smaller operators.

First, speed pressure. Small teams move fast and default to trust. The more “normal” the document looks, the faster it sails through. AI helps adversaries knock off the rough edges that used to give them away. Again: “convincingly realistic” documents at scale (Sang & Kniepmann, 2024).

Second, filter blindness. Gateways and safe-link tools still struggle with images and embedded codes. HP’s PDF finding is the tell, the benign documents that ferry the user to the real trap without triggering static detection (HP Wolf Security, 2024). That gap widens when the target scans with a personal phone the company doesn’t manage.

Third, physical spillover. When the FBI is warning about unsolicited boxes with QR cards, you have to accept that the attack surface is no longer just your inbox (IC3, 2025). A QR slapped over a parking sticker or taped to a lobby sign can harvest the same credentials your “secure link” would have grabbed online. And as Action Fraud’s data shows, the parking lot is already a prime hunting ground (Action Fraud, 2025).

Meetings, Calendars, and Calls Are Attack Surfaces for AI

AI scaled social engineering. Deepfakes, spoofs, and fake AI tools exploit meetings and calendars. Treat every channel as an attack surface.

4FshSagger Khraishi

You’ll hear that quishing rose with pandemic habits. True. You’ll hear that “awareness” helps. Sometimes. But the attackers are iterating faster than the advice can keep up. Abnormal’s own CISO put it bluntly in February 2024: “Leveraging QR codes has become an attractive attack technique…because they’re effective at evading both human and technology-based detection” and quishing emails often contain “minimal text content and no obvious URL” (Abnormal Security, 2024). That’s the point. This round is about removing the signals you’ve learned to spot.

There’s also a cost curve shift you can feel at the edges. Insikt Group notes how cheaply large language models can crank out thousands of plausible lures, fast (Insikt Group, 2024). The market for turn-key kits now includes QR options that bundle MFA theft. The kits meet small businesses where they live: inside commodity cloud mail, consumer phones, and PDF-based workflows.

If you run a startup or an SMB, the scenarios worth picturing aren’t exotic.

A vendor “updates” banking details with a tidy, well-formatted PDF. The QR takes you to the familiar login, only the login is one pixel off. You type, approve, and the session is siphoned in the middle. The attacker pulls invoices from your real portal, pastes the letterhead into new requests, and rounds on your customers as “you.”

Or a new contractor asks for a W-9, and the attached template looks like the IRS one you know. The file itself is safe. The QR inside isn’t. A cloned IRS page appears. You give up PII that unlocks accounts in places you don’t watch.

Or you receive a package you didn’t order. There’s a card with a QR to “redeem” or “register.” You scan out of curiosity. Now your phone authorizes an app permission you didn’t quite read (IC3, 2025; USPIS, 2025).

The Hidden Cost of Fake AI Tools

How fake ChatGPT apps and extensions exploit speed, trust, and convenience to hijack business accounts and bleed ad spend.

4FshSagger Khraishi

None of that asks you to click a suspicious blue link. All of it depends on routine behavior. Scan the code. Open the doc. Carry on.

That’s the game in 2025. Not the Hollywood deepfake cameo on your all-hands, though those happen. It’s the quiet churn of believable paperwork and tappable squares, tuned to the rhythm of a small company’s day. The paper trail you can’t see until the money moves.

The worst part: you’re doing your job. Paying bills. Verifying accounts. Filling forms. You just did it through a camera instead of a browser bar.

Learn more about AI

Stay updated with new articles about AI and prompting!

Subscribe

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

As with most shifts in fraud, the truth lands later than the hype. The hype was about video fakes and voice clones. The truth, right now, is about invoices that don’t wobble when you zoom. About QR codes that carry the con from a 13-inch screen to the phone in your hand. About how the modern grift doesn’t need to shout to win.

Founders and SMB execs live in that quiet. Which is why the next breach report you read will look ordinary in the sentences that matter. “We received an invoice.” “We scanned to pay.” “We authenticated.” Then the ellipses. Then the loss.

Quishing and document deepfakes aren’t tomorrow’s problem. They’re today’s workflow. And they leave a paper trail that looks perfect until you follow where it goes.