KnowBe4 is now offering a complementary QR code phishing security test tool that identifies users who are victims of QR code phishing attacks. The free tool (QR Code PST) helps businesses identify end-users who are particularly vulnerable to scanning malicious QR codes.
Many companies are aware of the typical social engineering techniques used by malicious actors. These include phishing, spear phishing and identity theft to manipulate employees and infiltrate systems. Actors have now recognized the popularity of QR codes and are using them for targeted phishing attacks.
Targeted QR code phishing attacks
QR code phishing is a social engineering attack that embeds a malicious link in a QR code that users are instructed to scan with their smartphone. According to QRTIGER, a company that generates online QR codes, dynamic QR code scans increased 2021 percent globally from 2022 to 433. In 2022 alone, scans quadrupled.
The malicious links in QR codes direct users to risky websites, run malware or ransomware on their devices, or steal information. Last year, the FBI issued a warning that QR codes can be manipulated by cybercriminals to direct victims to malicious websites. This process is also sometimes referred to as QRLjacking.
Harmless QR codes hide malicious websites
QR Code PST helps to deal with malicious QR code threat. It identifies users who scan these codes, exposing organizations to vulnerabilities that can lead to significant downtime and security breaches. The new, complementary tool is available for immediate use by up to 100 users in 35 languages with additional functional options. In addition, after use, the tool calculates a company's Phish-proneTM Percentage (PPP) – the number of end users who are vulnerable to phishing.
"QR codes pose a clear cybersecurity threat because, unlike traditional phishing, there is no URL to verify before scanning the code, or any way to confirm legitimacy," said Stu Sjouwerman, CEO at KnowBe4. “As malicious actors diversify their social engineering techniques, it is imperative that organizations educate their employees about the potential danger of QR codes. KnowBe4's new QR code phishing security test is a great first step tool to determine how vulnerable an organization is to the malicious QR code threat. Training employees to be vigilant and think twice before scanning helps reinforce an organization's security culture and encourages a healthy level of skepticism.”
More at Knowbe4.com
About KnowBe4 KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60.000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.