QR Codes in Malicious Emails Gaining Traction
TAMPA BAY, Fla.--BUSINESS WIRE--
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced the results of its Q2 2024 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests showing HR business-related messages are still provoking the most action from employees leading to potentially harmful results.
Phishing emails remain a prevalent and effective tool for cybercriminals to launch malicious attacks on organizations worldwide. These bad actors continuously evolve their tactics, adapting to current market trends and outsmarting both end users and organizations by crafting phishing email subjects that appear authentic and credible. Their strategies often exploit human emotions, aiming to elicit feelings of urgency, confusion, anxiety, or even excitement, all in an attempt to lure recipients into clicking on malicious links or opening harmful attachments. The severity of this threat is underscored by KnowBe4's 2024 Phishing by Industry Benchmarking Report, which reveals that approximately one out of every three users is prone to interacting with suspicious links or complying with fraudulent requests.
HR related email subjects have become increasingly popular as a phishing tactic with cybercriminals over the last year, particularly those relating to dress code changes, training notifications, vacation updates and more. These are effective because they may provoke a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday.
QR codes included in phishing emails are a growing concern with cybercriminals attempting to use these to extract sensitive information or steal money from unsuspecting employees and organizations. Prominent email subjects prompting employees to scan QR codes included MFA migrations, reminders from HR, and password expiration notifications. Additionally, the data reflects the consistent trend of utilizing IT and online service notifications as well as tax-related email subjects.
"Phishing tactics are ever evolving and continue to pose a significant threat to organizations worldwide," said Stu Sjouwerman, CEO at KnowBe4. "We're seeing cybercriminals adapt their strategies at an alarming speed. The continuous rise in HR related phishing emails is especially troubling, as they target the very foundation of organizational trust. Moreover, the increase of QR codes in phishing attempts adds another layer of complexity to these threats. In this environment, it's crucial for organizations to prioritize comprehensive security awareness training. By educating employees about these and other emerging tactics, and cultivating a strong security culture, organizations can mitigate the human risk that exists within."