QR Codes Used in 22% of Phishing Attacks

The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk. The study, published today and conducted in 38 organizations across nine industries and 125 countries, revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to deliver malicious payloads. The challenge categorized employee responses into three groups: success, miss and click/scan. Only 36% of recipients successfully identified and reported the simulated attack, leaving the majority of organizations vulnerable to phishing threats. The retail industry had the highest miss rate, with only 2 in 10 employees engaging with the benchmark, while legal and business services outperformed others in identifying and reporting suspicious QR codes. "QR codes are becoming a ubiquitous part of our everyday life. We all love shortcuts, and QR codes are extremely beneficial and convenient," commented Timothy Morris, chief security advisor at Tanium. "Users should be extremely suspicious of QR codes that arrive via email." As per the Hoxhunt Challenge, job function also affected employee susceptibility, with communications staff being 1.6 times more likely to engage with a QR code attack. In contrast, employees with legal responsibilities were the most vigilant. Engaged employees had a miss rate of 40%, a stark contrast from those not actively invested in their job responsibilities and the organization, who had a miss rate of 90%. Additionally, employees who completed onboarding and received pre-training also displayed better vigilance in identifying phishing emails. The key takeaway from the Hoxhunt Challenge is the importance of continuous training in cybersecurity, emphasizing the need for training that includes initial onboarding and regular refresher courses. Failure to provide such training increases susceptibility to cybersecurity threats and puts organizational data at risk. "There is no real security built into QR codes themselves and [they] should be treated as such when threat modeling applications that use them," warned Georgia Weidman, security architect at Zimperium. "If your organization uses QR codes for authentication, it is important to be aware of the kinds of attacks that attackers are using and to implement mitigation strategies for them." QR codes were also explored in a blog post published by SlashNext on Wednesday that reported the growing risks related to quishing and QRLJacking, underscoring the emerging cybersecurity challenges posed by QR codes as an attack vector.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to QR Codes Used in 22% of Phishing Attacks

Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
8 months ago Techrepublic.com
New phishing attack steals your Instagram backup codes to bypass 2FA - A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. Two-factor authentication is a ...
9 months ago Bleepingcomputer.com
Top Characteristics of a QR Code Phishing Email - As campaigns using QR codes grow in size and complexity it is important to track not just the QR codes themselves, but also the context of the emails delivering the QR codes. Others use images embedded in the email or QR codes rendered from external ...
10 months ago Securityboulevard.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
1 year ago Trendmicro.com
"Quishing" you a Happy Holiday Season - QR Code phishing scams - What they are and how to avoid them. Originally invented to keep track of car parts in the early 90s, QR codes have been around for decades. Quishing, or QR Code phishing, exploits smartphone users scanning the 2D barcode, ...
9 months ago Netcraft.com
Here's How To Steer Clear Of QR Code Hacking - QR codes, present for years and widely embraced during COVID-19, offer great benefits. Cybercriminals exploit them, creating malicious QR codes to unlawfully access your personal and financial data. These tampered codes pose a threat, potentially ...
9 months ago Cysecurity.news
QR Code 'Quishing' Attacks on Execs Surge, Evading Email Security - Email attacks relying on QR codes surged in the last quarter, with attackers specifically targeting corporate executives and managers, reinforcing recommendations that companies place additional digital protections around their business leadership. ...
8 months ago Darkreading.com
Phishing Campaign Targets Instagram Users, Steals Backup Codes and Circumvent 2FA Protection - A recent phishing scheme has emerged, posing as a 'copyright infringement' email to deceive Instagram users and pilfer their backup codes. These codes, integral for the recovery of accounts, are used to circumvent the two-factor authentication ...
9 months ago Cysecurity.news
QR Codes Used in 22% of Phishing Attacks - The Hoxhunt Challenge has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk. The study, published today and conducted in 38 organizations across nine industries ...
10 months ago Infosecurity-magazine.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
8 months ago Helpnetsecurity.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
8 months ago Gbhackers.com
QR Code Phishing Attacks Target High-Level Executives: Report - C-level executives and others in managerial positions are by far the top targets of increasingly popular phishing attacks that involve malicious QR codes. Bad actors know that if they can get into the email of a highly placed executive, it opens up ...
8 months ago Securityboulevard.com
How to Scan a QR Code On iPhone - The iPhone offers multiple ways of scanning QR codes, but the quickest and easiest method is using its built-in camera app. Open your camera app and point at a QR code; a notification will appear in the lower-right corner of the screen. Follow the QR ...
9 months ago Hackercombat.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
5 months ago Hackread.com
QR Code Scammers are Changing Tactics to Evade Detection - Check Point researchers last year saw a 587% increase between August and September of phishing attacks enticing unsuspecting targets to click on QR codes that then redirect them to malicious pages used for harvesting credentials. The cybersecurity ...
8 months ago Securityboulevard.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
7 months ago Cyberdefensemagazine.com
Payoneer accounts in Argentina hacked in 2FA bypass attacks - Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping. Payoneer is a financial services platform providing online money ...
8 months ago Bleepingcomputer.com
Post-quantum cryptography: Code-based cryptography - One option is to use error correction codes as a cryptographic primitive. The basics Error correction codes are digital codes used to reliably send data through an unreliable channel. In a noisy channel, corruption of some of the bits would yield an ...
3 months ago Redhat.com
Vade Releases 2023 Phishers' Favorites Report - PRESS RELEASE. SAN FRANCISCO, Feb. 15, 2024 /PRNewswire/ - Vade, a global leader in threat detection and response with more than 1.4 billion mailboxes protected, today announced its annual Phishers' Favorites report for 2023. Phishers' Favorites ...
7 months ago Darkreading.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
4 months ago Hackread.com
Watch out for "I can't believe he is gone" Facebook phishing posts - This phishing attack is ongoing and widely spread on Facebook through friend's hacked accounts, as the threat actors build a massive army of stolen accounts for use in further scams on the social media platform. As the posts come from your friends' ...
8 months ago Bleepingcomputer.com
5 Common Phishing Vectors and Examples - Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments. Let's take a closer look at these types and examine examples of ...
4 months ago Cybersecuritynews.com
New Instagram Phishing Attack Steals 2FA backup Codes - A new phishing campaign targeting Instagram users has been discovered, which uses several different techniques to lure victims into phishing websites and steal Instagram's two-factor backup codes. Instagram backup codes are five eight-digit codes ...
9 months ago Cybersecuritynews.com
Police takes down BulletProftLink large-scale phishing provider - The notorious BulletProftLink phishing-as-a-service platform that provided more than 300 phishing templates has been seized, the Royal Malaysian Police announced. The operation started in 2015 but came to researchers' radar later and became more ...
10 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)