KnowBe4 has launched its new and complementary QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organisations in identifying users that are most susceptible to scanning malicious QR codes.
Many organisations are aware of the typical social engineering techniques used by bad actors such as phishing, spear phishing and impersonation, to manipulate employees and infiltrate systems. However, bad actors are now taking advantage of the rise in popularity of QR codes and are using them to launch targeted phishing attacks.
code phishing is a social engineering attack that includes a malicious link within a QR
code that users are prompted to scan with their smartphones. According to QRTIGER
, an online QR
code generator company, dynamic QR
code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone.
The malicious links in QR
Codes take users to risky websites, execute malware or ransomware on their devices or steal information. In fact, last year the FBI released a warning
codes may be tampered with by cybercriminals to direct victims to malicious sites. This is also sometimes referred to as QRLjacking
KnowBe4’s new QR
Code PST helps manage the threat of malicious QR
codes by identifying users who may scan these codes and expose an organisation to vulnerabilities that have the potential to cause significant downtime and security breach risks. The new, complementary tool is available for immediate use for up to 100 users in 35 languages with additional feature options. Additionally, after being used, the tool calculates an organisation’s Phish-proneTM Percentage (PPP)
— the number of end users who are prone to being phished.
“QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code,” said Stu Sjouwerman, CEO, KnowBe4. “As bad actors diversify their social engineering techniques, it is imperative that organisations educate their employees on the potential danger of QR codes. KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organisation is to the threat of malicious QR codes. Training employees to be alert and to think twice before scanning, contributes towards strengthening an organisation’s security culture and encourages a healthy level of scepticism.”