As the digital landscape continues to evolve, so do the tactics of cybercriminals. The Hoxhunt Challenge, a comprehensive study conducted across 38 organizations spanning nine industries and 125 countries, has uncovered a disconcerting trend in the world of QR code phishing attacks.
The report reveals a startling 22% increase in the use of QR codes as a means to deliver malicious payloads in phishing attacks during the early weeks of October 2023. In this blog post, we will delve into the Hoxhunt Challenge's key findings and explore the implications of this rise in QR code phishing.
The Three Categories: Success, Miss and Click/Scan
One of the most revealing aspects of the Hoxhunt Challenge was the categorization of employee responses into three distinct groups: success, miss and click/scan. The statistics paint a concerning picture - only 36% of recipients successfully identified and reported the simulated phishing attack. This leaves a significant majority of organizations exposed to the ever-persistent threat of phishing.
Industries in the Spotlight
The study highlights significant disparities between different industries when it comes to susceptibility to QR code phishing. Notably, the retail industry had the highest miss rate, with only 2 in 10 employees successfully identifying and reporting suspicious QR codes. On the other hand, the legal and business services sector outperformed other industries in their ability to detect and report these threats.
The Role of Job Function and Engagement
Another key takeaway from the Hoxhunt Challenge was the influence of job function on employee susceptibility. Employees in communications roles were found to be 1.6 times more likely to engage with a QR code attack. In contrast, employees with legal responsibilities were the most vigilant in identifying and reporting suspicious QR codes.
This highlights the need for customized security awareness training programs designed to suit various job roles within organizations.
The report also underlines the pivotal role of employee engagement in mitigating the risk of falling victim to phishing attacks. Engaged employees, defined as those who are passionate about their jobs and actively invested in their responsibilities and the organization, had a miss rate of 40%. This stands in stark contrast to less-engaged employees, who exhibited a high miss rate of 90%. It is clear that fostering a workplace culture that encourages engagement not only enhances overall productivity but also improves the organization's defense against cybersecurity threats.
The Value of Training Your Employees
The Hoxhunt Challenge's findings underscore the significance of onboarding processes and training your users. Employees who completed their training displayed better vigilance in identifying phishing emails.
The rise of QR code phishing attacks, as highlighted by the Hoxhunt Challenge, is a reminder of the ever-present threat that organizations face in the digital age. With cybercriminals using QR codes to thwart their attacks, organizations must take this alarming trend seriously. To reduce their susceptibility to such attacks, you should consider implementing new-school security awareness training to your organization.
KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
Infosecurity Magazine has the full story.