QR Code Phishing Campaigns on the Rise

Stu Sjouwerman | Nov 29, 2023

There’s been a “precipitous rise” in QR code phishing campaigns in 2023, according to Matthew Tyson at CSO.

“For the attacker, QR codes bring a number of benefits, including some appreciated by legitimate businesses: they are easy to create and easy to use,” Tyson writes. “It is easy for attackers to use free resources to generate convincing QR code enabled phishing emails, attachments, and websites — a mechanism that can increase the effectiveness of their efforts with minimum effort.”

Olesia Klevchuk, director of email protection at Barracuda, told CSO that QR codes are more difficult for security defenses to detect.

“URL scanning and URL rewrite technologies are ineffective against QR code attacks because there is simply no link to scan,” Klevchuk said. “Because users have to scan QR codes with their phones, it basically moves these attacks to an entirely new device that is often outside of the company's security.”

Tyson says organizations should implement the following layers of defense to help thwart QR code phishing attacks:

  • “Education: Ensure users are aware of the quishing trend and emphasize that QR codes are not an indication of legitimacy.”
  • “Prevention: Automated systems that filter emails and URLs should be examined and hardened against QR codes. Existing use of QR codes by the enterprise should be examined to make it as hard as possible for attackers to hijack them.”
  • “Response: Detection and lockout mechanisms should be in place to protect against account compromise.”
  • “Validation: Incorporate QR code attacks red teaming tests and attack simulations.”

Tyson adds, “As technology-oriented professionals, we work towards a technology-oriented solution, but education and awareness play their part. We've gotten used to harping on the distrust of emails and confirming through a second channel anything significant. QR code attacks adds an important element: QR codes are not any kind of indication of legitimacy.”

KnowBe4 enables your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

CSO has the story.
