QR Code Phishing on the Rise: The Alarming Findings From the Hoxhunt Challenge

QR Code Phishing on the RiseAs the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge, a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing attacks.

The report reveals a startling 22% increase in the use of QR codes as a means to deliver malicious payloads in phishing attacks during the early weeks of October 2023. In this blog post, we will delve into the Hoxhunt Challenge's key findings and explore the implications of this rise in QR code phishing.

The Three Categories: Success, Miss and Click/Scan

One of the most revealing aspects of the Hoxhunt Challenge was the categorization of employee responses into three distinct groups: success, miss and click/scan. The statistics paint a concerning picture - only 36% of recipients successfully identified and reported the simulated phishing attack. This leaves a significant majority of organizations exposed to the ever-persistent threat of phishing.

Industries in the Spotlight

The study highlights significant disparities between different industries when it comes to susceptibility to QR code phishing. Notably, the retail industry had the highest miss rate, with only 2 in 10 employees successfully identifying and reporting suspicious QR codes. On the other hand, the legal and business services sector outperformed other industries in their ability to detect and report these threats. 

The Role of Job Function and Engagement

Another key takeaway from the Hoxhunt Challenge was the influence of job function on employee susceptibility. Employees in communications roles were found to be 1.6 times more likely to engage with a QR code attack. In contrast, employees with legal responsibilities were the most vigilant in identifying and reporting suspicious QR codes.

This highlights the need for customized security awareness training programs designed to suit various job roles within organizations.

The report also underlines the pivotal role of employee engagement in mitigating the risk of falling victim to phishing attacks. Engaged employees, defined as those who are passionate about their jobs and actively invested in their responsibilities and the organization, had a miss rate of 40%. This stands in stark contrast to less-engaged employees, who exhibited a high miss rate of 90%. It is clear that fostering a workplace culture that encourages engagement not only enhances overall productivity but also improves the organization's defense against cybersecurity threats.

The Value of Training Your Employees

The Hoxhunt Challenge's findings underscore the significance of onboarding processes and training your users. Employees who completed their training displayed better vigilance in identifying phishing emails. 

The rise of QR code phishing attacks, as highlighted by the Hoxhunt Challenge, is a reminder of the ever-present threat that organizations face in the digital age. With cybercriminals using QR codes to thwart their attacks, organizations must take this alarming trend seriously. To reduce their susceptibility to such attacks, you should consider implementing new-school security awareness training to your organization. 

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Infosecurity Magazine has the full story. 

Free QR Code Phishing Security Test

Did you know dynamic QR code scans increased 433% globally from 2021 to 2022? Try our free QR Code Phishing Security Test to identify users that are most susceptible to these types of attacks so you can train them to think twice before scanning QR codes and build a stronger security culture.

Monitor-QRT-2Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to a person)
  • Select from 35 languages and choose one of 3 templates
  • Choose from a “red flags missed” or a “404 error” landing page
  • Get a PDF emailed to you in 24 hours with your Phish-prone Percentage

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews