The report emphasises the increasing use of QR codes in phishing campaigns. Common themes for such attacks include emails purporting to be HR reminders, requests to review policy documents, urgent DocuSign approvals, and Zoom meeting invitations
A new report from KnowBe4 highlights the growing sophistication of phishing attacks, with a significant rise in phishing campaigns leveraging QR codes. Released as part of the organisation’s Q3 2024 Phishing Report, the findings reveal a continued reliance on HR and IT-related phishing emails, accounting for 48.6 per cent of globally clicked phishing types during simulated tests.
Despite technological advancements in cybersecurity, phishing remains a dominant threat vector. KnowBe4’s Phishing by Industry Benchmarking Report indicates that nearly one in three users still falls prey to phishing attempts, underscoring the vulnerability posed by human error. Cybercriminals exploit this weakness by crafting emails that appear authentic, using emotional triggers like urgency to compel users to click malicious links or attachments.
Emerging Trends In Phishing
The report emphasises the increasing use of QR codes in phishing campaigns. Common themes for such attacks include emails purporting to be HR reminders, requests to review policy documents, urgent DocuSign approvals, and Zoom meeting invitations. These messages often mimic trusted sources, such as colleagues or vendors, making them highly deceptive and challenging to identify.
Stu Sjouwerman, CEO of KnowBe4, stated, “Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications. The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification.”
Broader Implications
The report also reiterated that embedded email links remain the top attack vector for phishing campaigns, often leading to devastating outcomes like ransomware attacks and business email compromises. These incidents highlight the importance of robust training and a strong organisational security culture to mitigate risks.
“A well-trained workforce and a robust security culture are not just beneficial—they are essential,” Sjouwerman added. “By prioritising human risk management, organisations can effectively build a formidable defence against avoidable cyberthreats.”
As phishing tactics continue to evolve, the report serves as a timely reminder for organisations to invest in employee training and adopt proactive security measures to navigate an increasingly complex cyberthreat landscape.
