Innovative cybercriminals are using clever psychological tricks to find their victims. QR codes have recently begun to flourish in phishing emails, exploiting in particular how people have been engaging a lot more with two-factor authentication lately.
QR codes are unfortunately less likely to be scanned and blocked by spamfilters, allowing more of these emails to end up in people's inboxes. What is also really clever about QR codes, is that when people engage with links like these via their phone, they are less likely to be protected by both endpoint detection and network monitoring.
For more information on how QR code phishing scenarios are on the rise, please read our dedicated blog post about this.
This is really a case where awareness and training shows its relevance and value to compensate for a lack of technical controls. It very much also highlights how we depend on people having a sustainable interest to learn about new security challenges, as social engineering methods keep evolving and people need to stay up-to-date.
Secure Practice has therefore released a brand new feature in response to this rising threat, allowing customers to embed dynamic QR codes in simulated phishing templates.
This way, you can make sure everyone your organization has received a sample of this new attack vector, to inspect for themselves, and to analyze and report with MailRisk.
You can now embed a dynamically generated QR code in any simulation email using the new {{QR_CODE}} variable, using the same approach as you may have embedded custom images before, i.e. inside an HTML tag ( (<img src="{{QR_CODE}}">) ).
Or, you may of course simply use one of our default templates available, like the one shown above.