KnowBe4 helps companies battle QR code phishing attacks with new tool

Stu Sjouwerman, CEO, KnowBe4

KnowBe4, a global provider of a security awareness training and simulated phishing platform, announced the launch of its new QR Code Phishing Security Test (QR Code PST) tool.

What does KnowBe4’s QR Code PST mean for clients?

The no-charge tool assists firms in identifying users that are most susceptible to scanning malicious QR codes. Many firms are aware of the typical social engineering techniques used by bad actors, like phishing, spear phishing and impersonation, to manipulate employees and infiltrate systems. But bad actors are now taking advantage of the rise in popularity of QR codes and are using them to launch targeted phishing attacks.

QR code phishing is a social engineering attack that includes a malicious link within a QR code that users are prompted to scan with their smartphones. According to QRTIGER, an online QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone. The malicious links in QR codes take users to risky websites, execute malware or ransomware on their devices or steal information.

In fact, last year the FBI released a warning that QR codes may be tampered with by cybercriminals to direct victims to malicious sites. This is also sometimes referred to as QRLjacking. KnowBe4’s new QR Code PST helps manage the threat of malicious QR codes by identifying users who may scan these codes and expose an organisation to vulnerabilities that have the potential to cause significant downtime and security breach risks.

The complimentary tool is available for immediate use for up to 100 users in 35 languages with additional feature options. After use, the tool also calculates a firm’s Phish-prone™ Percentage (PPP) — the number of end users who are prone to being phished.

Why is KnowBe4’s QR Code PST a game-changer?

“QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code. As bad actors diversify their social engineering techniques, it is imperative that organisations educate their employees on the potential danger of QR codes,” said Stu Sjouwerman, CEO at KnowBe4.

“KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organisation is to the threat of malicious QR codes. Training employees to be alert and to think twice before scanning contributes towards strengthening an organisation’s security culture and encourages a healthy level of skepticism,” he added.

To begin using the new, complimentary QR Phishing Security Test, visit the website.

What is the wider industry context of this product launch?

Social engineering is a type of cyber attack that relies on human interaction to trick victims into revealing sensitive information or taking actions that harm themselves or their organization. Social engineers often use techniques such as phishing, pretexting, and tailgating to exploit human emotions and vulnerabilities.

Phishing is a common social engineering attack that involves sending emails or text messages that appear to be from a legitimate source, such as a bank or government agency. The emails or text messages often contain a link that, when clicked, takes the victim to a fake website that looks like the real one. Once the victim enters their login credentials on the fake website, the attacker can steal them.

Pretexting is another common social engineering attack that involves creating a false scenario to trick the victim into revealing sensitive information. For example, an attacker might pose as a customer service representative from a company and call the victim, claiming that there is a problem with their account. The attacker might then ask the victim for their personal information, such as their Social Security number or credit card number.

Tailgating is a social engineering attack that involves following someone into a secure area without authorization. For example, an attacker might follow an employee into a building after they have used their access card to enter. Once inside, the attacker can steal sensitive information or cause other damage.

In 2023, social engineering attacks are becoming more sophisticated and targeted. Attackers are using artificial intelligence (AI) and machine learning (ML) to create more realistic and believable phishing emails and text messages. They are also using social media to gather information about their targets, which they can then use to create more personalized pretexting attacks.

To protect yourself from social engineering attacks, it is important to be aware of the different techniques that attackers use. You should also be careful about what information you share online and who you trust. If you receive an email or text message from someone you don’t know, don’t click on any links or open any attachments. Instead, contact the sender directly to verify the authenticity of the message.

You should also be careful about what information you share in public places, such as coffee shops and airports. Attackers can use information that you share in these places to create more personalized social engineering attacks.

By being aware of the risks and taking steps to protect yourself, you can help to reduce your chances of becoming a victim of a social engineering attack.

Here are some additional tips for protecting yourself from social engineering attacks:

  • Be suspicious of any unsolicited emails or text messages. If you don’t recognize the sender or the message seems suspicious, don’t click on any links or open any attachments.
  • Use strong passwords and change them regularly. Don’t use the same password for multiple accounts.
  • Be careful about what information you share online. Don’t post your personal information, such as your Social Security number or credit card number, on social media or other public websites.
  • Keep your software up to date. Software updates often include security patches that can help to protect your computer from known vulnerabilities.
  • Use a security awareness training program. A security awareness training program can help you to learn how to identify and avoid social engineering attacks.

Gerald Ainomugisha is a business news reporter and freelance B2B marketer with over 10 years of experience in writing high-converting copy and content for businesses of all kinds, especially SaaS providers in the niches of HR, IT, fintech, eCommerce and web3.