Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    QR Code Phishing is Still on the Rise. The SEG is Dead.

    QR Code Phishing CampaignOrganizations need to be aware of the threat posed by QR code phishing (quishing), according to researchers at Trend Micro.

    “Phishing emails continue to be the number one attack vector for organizations,” the researchers write.

    “A QR code phishing, or quishing attack, is a modern social engineering cyber attack technique manipulating users into giving away personal and financial information or downloading malware. It targets C-level executives and the highest strategic roles within a company.”

    Since QR codes don’t use a text-based link, they can slip past email security filters to target humans directly. Humans likewise can’t analyze the link itself before scanning the code.

    “Quishing can bypass traditional security email gateways, evading email filtering tools and identity authentication,” Trend Micro says. “This allows cyberattacks to move from a protected email to the user’s less secure mobile device, where cybercriminals can obtain confidential information, such as payment details, for fraudulent purposes.

    For instance, a malicious QR code hidden in a PDF or an image (JPEG/PNG) file attached to an email can bypass email security protection, such as filtering and flagging. This allows the email to be delivered directly to the user’s inbox without being analyzed for clickable content.”

    Trend Micro says users should be on the lookout for the following red flags associated with QR codes:

    • “No context. Exercise caution if the QR code lacks context or appears out of place, such as QR codes randomly placed in a public area

    • Web links. Avoid sites accessed through QR codes that request payments. Instead, enter a known and trusted URL for transactions
    • Overlays. Be wary if the QR code is placed over existing signs or labels, as scammers may try to cover up legitimate information
    • Too much information: Be skeptical of QR codes that ask for excessive permissions (e.g., access to your camera, contacts, or location) beyond what is necessary”

    KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    Trend Micro has the story.

     

    Return To KnowBe4 Security Blog

    Free QR Code Phishing Security Test

    Did you know dynamic QR code scans increased 433% globally from 2021 to 2022? Try our free QR Code Phishing Security Test to identify users that are most susceptible to these types of attacks so you can train them to think twice before scanning QR codes and build a stronger security culture.

    Monitor-QRT-2Here's how it works:

    • Immediately start your test for up to 100 users (no need to talk to a person)
    • Select from 35 languages and choose one of 3 templates
    • Choose from a “red flags missed” or a “404 error” landing page
    • Get a PDF emailed to you in 24 hours with your Phish-prone Percentage

    Go Phishing Now!

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://www.knowbe4.com/qr-code-phishing-security-test

    Topics: Social Engineering, Phishing, Security Culture

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews