Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    QR Code Phishing is Still on the Rise. The SEG is Dead.

    Stu Sjouwerman | Jul 29, 2024

    QR Code Phishing CampaignOrganizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro.

    “Phishing emails continue to be the number one attack vector for organizations,” the researchers write.

    “A QR code phishing, or quishing attack, is a modern social engineering cyber attack technique manipulating users into giving away personal and financial information or downloading malware. It targets C-level executives and the highest strategic roles within a company.”

    Since QR codes don’t use a text-based link, they can slip past email security filters to target humans directly. Humans likewise can’t analyze the link itself before scanning the code.

    “Quishing can bypass traditional security email gateways, evading email filtering tools and identity authentication,” Trend Micro says. “This allows cyberattacks to move from a protected email to the user’s less secure mobile device, where cybercriminals can obtain confidential information, such as payment details, for fraudulent purposes.

    For instance, a malicious QR code hidden in a PDF or an image (JPEG/PNG) file attached to an email can bypass email security protection, such as filtering and flagging. This allows the email to be delivered directly to the user’s inbox without being analyzed for clickable content.”

    Trend Micro says users should be on the lookout for the following red flags associated with QR codes:

    • “No context. Exercise caution if the QR code lacks context or appears out of place, such as QR codes randomly placed in a public area

    • Web links. Avoid sites accessed through QR codes that request payments. Instead, enter a known and trusted URL for transactions
    • Overlays. Be wary if the QR code is placed over existing signs or labels, as scammers may try to cover up legitimate information
    • Too much information: Be skeptical of QR codes that ask for excessive permissions (e.g., access to your camera, contacts, or location) beyond what is necessary”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Trend Micro has the story.

    Topics: Social Engineering Phishing Security Culture

    Is Your Organization Vulnerable to Quishing?

    Traditional filters often miss malicious links hidden in QR codes. Launch our Free Quishing Test for up to 100 users to identify security gaps and receive your custom Phish-prone Percentage report within 24 hours.

    Get Your Free Quishing Test

    Secure the Digital Workforce: Human + AI

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the Founder and Executive Chairman of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog

    Posts By Topic

    View All