The Hoxhunt Challenge has revealed concerning patterns in the vulnerability of employees to phishing attempts, underscoring the vital role that employee involvement plays in lowering human risk.
According to a recent survey conducted in 38 firms across 9 industries and 125 countries, 22% of phishing attacks in the first weeks of October 2023 used QR codes to deliver malicious payloads.
QR codes used in 22% of phishing attacks
The challenge sorted employee responses into 3 categories: click/scan, miss, and success.
Most businesses remain susceptible to phishing, since just 36% of recipients were able to identify and report the simulated attack.
With just 2 out of 10 employees engaging with the benchmark, the retail industry had the highest miss rate.
In contrast, legal and business services did better than other industries in spotting and reporting suspicious QR codes.
The primary takeaway from the Hoxhunt Challenge is the necessity of ongoing cybersecurity training.
It highlights the importance of training that includes both initial onboarding and ongoing refresher sessions.
When such training is not provided, organizational data is more vulnerable to cybersecurity attacks.
Georgia Weidman, security architect at Zimperium, cautioned, "There is no real security built into QR codes themselves and [they] should be treated as such when threat modeling applications that use them."