Organizations Are Vulnerable to Image-based and QR Code Phishing

A majority of organizations have a false sense of security regarding their resistance to phishing attacks, according to a new report from researchers at IRONSCALES and Osterman Research.

“The study surveyed 300 IT and security professionals across a variety of industries and geographies and unveiled a troubling paradox — while over 70% of respondents said they feel their current security stack is highly effective against image-based and QR code phishing, 76% reported being compromised by these types of attacks within the past 12 months — highlighting a stark disparity between the perceived and actual effectiveness of current defenses,” the researchers write.

The report found that very few organizations managed to stop every phishing attack from reaching employees’ inboxes, but trained employees were able to avoid falling for these attacks.

“Only 5.5% of organizations in this research claim that they were able to detect and block all emerging types of phishing attacks so that none were released to users’ inboxes,” the researchers write. “At a further 18.8% of organizations, while their email security stack did release phishing attacks to users’ inboxes, no users fell for them. At these organizations, cybersecurity awareness training appears to have created sufficient skepticism of unexpected and abnormal email messages to stop the phish from succeeding.”

The report concludes that organizations must ensure that their employees can recognize new social engineering tactics.

“Organizations must continuously evolve their phishing simulation programs to mirror the latest phishing techniques observed, providing employees with practical and current examples they may see if the organization’s technical measures fail,” the report says. “Some email security vendors are leveraging generative AI to craft micro-targeted phishing simulation tests optimized for each individual.”

IRONSCALES has the story.
