QR codes in malicious emails gaining traction

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, released its Q2 2024 top-clicked phishing report earlier this week, highlighting that HR-related messages are the most effective phishing tactic.
These phishing emails, which exploit human emotions like urgency, confusion, or excitement, continue to be a major tool for cybercriminals to attack organizations globally.
The 2024 Phishing by Industry Benchmarking Report reveals that roughly one in three users is likely to interact with suspicious links or fraudulent requests. HR-related emails, such as those about dress code changes, training, and vacation updates, are particularly effective, as they often trigger emotional responses, leading recipients to react without verifying the legitimacy of the email.
A growing concern is the use of QR codes in phishing emails, with cybercriminals using them to extract sensitive information or steal money. Emails about multi-factor authentication (MFA) migrations, HR reminders, and password expirations have prompted employees to scan QR codes, further increasing the risks. Additionally, IT and online service notifications, along with tax-related emails, remain common phishing subjects.
Stu Sjouwerman, CEO of KnowBe4, emphasized the evolving nature of phishing tactics and the growing threat posed by HR-related emails. The rise of QR codes in phishing attacks adds complexity, making it crucial for organizations to prioritize comprehensive security awareness training. By educating employees on these emerging tactics and fostering a strong security culture, organizations can reduce human risk and protect themselves from cyber threats.

Distributed by APO Group on behalf of KnowBe4.