Scanning for Trouble: Behind the Scenes of Our QR Code Phishing Demo



At KnowBe4, we constantly strive to stay ahead of emerging threats and create training content to warn users about the latest tactics used by cybercriminals.

One of the ways we do this is through our internally produced demo video productions, which used to star the incredible Kevin Mitnick and his legendary hacking demos. In these modules we showcase real-world attack scenarios and provide actionable insights on how to defend against them. 

Last year my colleague Dr. Martin Krämer and I had the opportunity to present such a demo on QR code phishing and other image-based phishing techniques. While we’re used to discussing cybersecurity threats, being in front of the camera was a whole new challenge. And we did this in both English and German.  

The Growing Threat of QR Code Phishing

QR codes have become ubiquitous in our daily lives, used for everything from accessing restaurant menus to making payments. However, cybercriminals have recognized their potential as a phishing vector. In our demo, we walked through a real-world example of how attackers embed malicious links into QR codes, tricking users into scanning them and unwittingly entering their credentials on fraudulent websites.

One key takeaway from our demo was the importance of vigilance when encountering QR codes, especially those received via email or printed on stickers placed in public locations. We highlighted red flags to watch for, such as:

  • Unsolicited QR codes in emails or messages claiming to be urgent
  • QR codes that redirect to login pages asking for credentials
  • Fake QR codes placed over legitimate ones in public areas
  • A lack of contextual information about where the QR code leads
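
Some of these red flags can be checked automatically once a mail gateway or an analyst has decoded the QR code from a message. The sketch below is an added example, not KnowBe4's code and not part of the demo; the function name, keyword patterns, shortener list and sample values are assumptions chosen for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Illustrative lists (assumptions); tune them to your own environment.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
LOGIN_HINTS = re.compile(r"(login|signin|sign-in|verify|password|mfa|sso)", re.I)
URGENCY_HINTS = re.compile(r"(urgent|immediately|within 24 hours|expire|suspended)", re.I)

def triage_qr(payload, message_text="", trusted_domains=()):
    """Return the red flags raised by an already-decoded QR payload."""
    try:
        url = urlsplit(payload.strip())
        host = (url.hostname or "").lower()
    except ValueError:
        return ["unparseable payload"]
    if url.scheme not in ("http", "https"):
        return ["non-web payload"]
    flags = []
    # Red flag: unsolicited code in a message claiming to be urgent.
    if URGENCY_HINTS.search(message_text):
        flags.append("urgent wording around the code")
    # Red flag: code leads to a page asking for credentials.
    if LOGIN_HINTS.search(url.path + "?" + url.query):
        flags.append("destination looks like a login page")
    # Red flag: no context about where the code leads.
    if host in SHORTENERS:
        flags.append("shortened link hides the destination")
    try:
        ipaddress.ip_address(host)
        flags.append("raw IP address instead of a domain")
    except ValueError:
        pass  # host is a name, not an IP literal
    if host.startswith("xn--") or ".xn--" in host:
        flags.append("punycode hostname")
    if url.scheme == "http":
        flags.append("no TLS")
    if not any(host == d or host.endswith("." + d) for d in trusted_domains):
        flags.append("host not on the trusted list")
    return flags

# Constructed sample: a QR payload lifted from an e-mail body.
SAMPLE = triage_qr("https://bit.ly/3xAmPle",
                   "URGENT: scan to re-verify your mailbox within 24 hours")
```

A result with no flags only means none of these heuristics fired; a replaced sticker in a public place cannot be detected from the URL alone.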

More Than Just a Talk—A Real Demo in Action

While cybersecurity education is our passion, stepping into the role of both educators and on-camera presenters was a humbling experience. Demonstrating an actual attack while simultaneously explaining it to an audience is no small feat. The challenge wasn’t just in ensuring technical accuracy but also in engagingly presenting the information while maintaining natural delivery.

From coordinating with the production team to nailing the timing of our explanations, we quickly learned that video production is an art form. The experience gave us a newfound respect for professional actors—conveying expertise while staying composed under bright lights and multiple takes is no easy task.

Our QR code phishing demo is just one of several engaging modules we’ve worked on. Other recent productions featured our colleagues and security experts Roger Grimes, Javvad Malik and Colin Murphy tackling critical cybersecurity threats, including:

  • Cloud Ransomware Attacks – How attackers exploit cloud environments and best practices to prevent breaches
  • Slack Attack – A hands-on demonstration of the tactics involved in a cyberattack using Slack, a business communication system
  • Microsoft Teams – Demonstrating how cybercriminals infiltrate workplace communication tools like MS Teams to manipulate employees

Each of these demos brings cybersecurity concepts to life in a way that traditional training materials often cannot. Seeing an attack in action, step by step, makes it more impactful than simply reading about it. They are now all available as standalone video modules in the ModStore and incorporated into the core modules. 

The Heroes Behind the Camera

A huge shout-out goes to our incredible content production team, who made these modules possible. Creating high-quality training content isn’t just a matter of pointing a camera at someone and filming—it’s a complex process that takes months of planning, research, and the expertise of many professionals. From crafting well-researched scripts to managing the entire production process, and keeping us well-fed and energized, their dedication was instrumental. The camera crew, editors, and production managers worked tirelessly behind the scenes to bring these training modules to life, and their efforts truly deserve recognition.

Lessons Learned and Looking Ahead

These training modules are part of our annual flagship series and are available in 35 different languages. The German and English versions were originally recorded, while the remaining languages were professionally dubbed to ensure accessibility for a global audience.

While presenting in front of a camera was initially daunting, we look forward to producing more of this type of training content and helping our customer organisations be safer online. We are already planning for the next set of hacking demos that will be recorded in the coming months so stay tuned for more in the ModStore.

