KnowBe4 has recently launched a new tool that can assist organizations in identifying employees who may be targeted by bad actors with QR code phishing. The new tool is called the QR Code Phishing Security Test (QR Code PST). Many organizations are aware of the techniques used by bad actors such as phishing and spear-phishing to manipulate their employees and infiltrate their systems. However, now bad actors are using QR codes to launch targeted phishing attacks. This is the reason why the QR Code PST tool was developed.
QR code phishing is a social-engineering attack method. It includes a malicious link within a QR code that the user is prompted to scan with a smartphone. Statistics showed a massive 433% increase of dynamic QR code scans globally from 2021 to 2022. Furthermore, the scans quadrupled in just one year, which is why it is essential to develop tools aimed at protecting organizations.
The significant danger associated with QR code phishing is that malicious links can be inserted into QR codes that lead users to risky websites or execute malware/ransomware on their devices or even steal information. Critical examples of QR code phishing attacks include a pandemic-related fraudulent QR code scam initiated in July 2020. At that time, a restaurant in Tampa placed a fraudulent QR code at its eatery site, leading to a malicious site that was aimed at capturing credit card details and personal information.
KnowBe4’s new QR Code PST tool helps organizations manage the threat of malicious QR codes by identifying users who may be vulnerable to these types of attacks. The tool is available at no cost, and it can be used immediately for up to 100 users in 35 languages. Additionally, after using the QR Code PST tool, an organization can calculate the percentage of end-users who are prone to being phished using the knowbe4 “phish-prone percentage” (PPP).
KnowBe4’s CEO, Stu Sjouwerman, indicated that “QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code. As bad actors diversify their social engineering techniques, it is imperative that organizations educate their employees on the potential danger of QR codes.”
Training employees to be aware and alert and to think twice before scanning a QR code ultimately strengthens an organization’s security culture and instills a healthy level of skepticism among its employees. It is essential to note that KnowBe4’s QR Code PST tool should be used as the first step in determining an organization’s vulnerability to the threat of malicious QR codes.