SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
KnowBe4’s new tool to help against QR code phishing attacks
Fri, 26th May 2023

KnowBe4, a security awareness training provider and simulated phishing platform, has launched its new QR Code Phishing Security Test (QR Code PST) tool. The no-charge tool assists organisations in identifying users that are most susceptible to scanning malicious QR codes. 

Many organisations know the typical social engineering techniques used by bad actors, such as phishing, spear phishing and impersonation, to manipulate employees and infiltrate systems. However, bad actors are now taking advantage of the rise in popularity of QR codes and are using them to launch targeted phishing attacks. 

QR code phishing is a social engineering attack that includes a malicious link within a QR code that users are prompted to scan with their smartphones. According to QRTIGER, an online QR code generator company, dynamic QR code scans increased 433% globally from 2021 to 2022 and scans quadrupled in 2022 alone.  

The malicious links in QR Codes take users to risky websites, execute malware or ransomware on their devices, or steal information. Last year, the FBI released a warning that cyber criminals may be tampering with QR codes to direct victims to malicious sites. This is also sometimes referred to as QRLjacking.  

KnowBe4's new QR Code PST helps manage the threat of malicious QR codes by identifying users who may scan these codes and expose an organisation to vulnerabilities that can potentially cause significant downtime and security breach risks. 

The new complementary tool is available for immediate use for up to 100 users in 35 languages, with additional feature options. Additionally, after being used, the tool calculates an organisation's Phish-proneTM Percentage (PPP), the number of end users prone to being phished. 

“QR codes pose a unique cybersecurity threat because unlike traditional phishing, there is no URL to verify or way to confirm its legitimacy before scanning the code,” says Stu Sjouwerman, chief executive officer of KnowBe4. "As bad actors diversify their social engineering techniques, it is imperative that organisations educate their employees on the potential danger of QR codes. KnowBe4’s new QR Code Phishing Security Test is a great tool to use as a first step in determining how vulnerable an organisation is to the threat of malicious QR codes. Training employees to be alert and to think twice before scanning, contributes towards strengthening an organisation’s security culture and encourages a healthy level of scepticism.” 

“KnowBe4 is used by more than 60,000 organisations around the globe. We help organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics,” adds Sjouwerman.