"QR Codes Used in 22% of Phishing Attacks"

A new study called the "Hoxhunt Challenge" has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk.  The study was conducted in 38 organizations across nine industries and 125 countries and revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to deliver malicious payloads.  The challenge categorized employee responses into three groups: success, miss, and click/scan.  Only 36% of recipients successfully identified and reported the simulated attack, leaving the majority of organizations vulnerable to phishing threats.  The researchers noted that the retail industry had the highest miss rate, with only 2 in 10 employees engaging with the benchmark, while legal and business services outperformed others in identifying and reporting suspicious QR codes.  The researchers stated that job function also affected employee susceptibility, with communications staff being 1.6 times more likely to engage with a QR code attack.  In contrast, employees with legal responsibilities were the most vigilant.  Engaged employees (defined as those who feel passionate about their jobs) had a miss rate of 40%, a stark contrast from those not actively invested in their job responsibilities and the organization, who had a miss rate of 90%.  Additionally, employees who completed onboarding and received pre-training also displayed better vigilance in identifying phishing emails.  The researchers noted that the key takeaway from the Hoxhunt Challenge is the importance of continuous training in cybersecurity, emphasizing the need for training that includes initial onboarding and regular refresher courses.  Failure to provide such training increases susceptibility to cybersecurity threats and puts organizational data at risk.

Infosecurity reports: "QR Codes Used in 22% of Phishing Attacks"