In a business setting, employees often receive emails from the system administrator about websites enforcing 2FA. Some employees may think nothing of this and simply comply, to make sure they don't get future emails from IT and their manager reminding them to follow up on an email that is now 100 emails down in their inbox!
Malicious users understand this and have found ways of using QR codes (often used as part of the set-up process of 2FA) to gain access to smartphones. In QR code phishing emails, the scammer embeds a malicious link in a QR code and tries to convince you to scan it, which takes you to a harmful website built to obtain sensitive information.
Embedding malicious links in QR codes makes it difficult for you to recognize that the website is suspicious. It also helps scammers circumvent old-style security checks that flag malicious links in emails. This highlights the importance of Bring Your Own Device policies as well as security training. When training your employees, make sure to demonstrate what phishing emails are and how to identify a suspicious email.
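The gap described above, as an added example (not CYBX's code): a check that only extracts URLs from the message text finds nothing in a QR-style email, so `triage` flags messages that carry an image and a 2FA or scan lure but no visible link, for image review. The sample messages, the keyword list and the `triage` function are constructed for illustration.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumed lure keywords for this example; tune to your own mail flow.
LURE_RE = re.compile(r"\b(2fa|two-factor|multi-factor|mfa|authenticator|scan)\b", re.I)

# Constructed sample: the only "link" would sit inside the inline image.
# The image bytes are a placeholder (PNG signature only), not a real QR code.
SAMPLE_QR = """\
From: it-support@example.test
Subject: Action required: set up 2FA
Content-Type: multipart/related; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Scan the code below to enable two-factor authentication.</p>
<img src="cid:qr1"></body></html>
--b1
Content-Type: image/png
Content-ID: <qr1>
Content-Transfer-Encoding: base64

iVBORw0KGgo=
--b1--
"""

# Constructed sample: the same request with an ordinary, scannable hyperlink.
SAMPLE_LINK = """\
From: it-support@example.test
Subject: Set up 2FA
Content-Type: text/html; charset="utf-8"

<html><body><p>Enable two-factor authentication at
<a href="https://portal.example.test/mfa">the portal</a>.</p></body></html>
"""

def triage(raw: str) -> dict:
    """Return what a text-only link scanner sees, plus a QR-review flag."""
    msg = message_from_string(raw)
    urls, images, text = [], 0, msg.get("Subject", "")
    for part in msg.walk():
        if part.get_content_maintype() == "image":
            images += 1
        elif part.get_content_type() in ("text/plain", "text/html"):
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, "replace")
            text += " " + body
            urls += URL_RE.findall(body)
    lure = bool(LURE_RE.search(text))
    # An image and a lure but no URL to inspect: route the images to QR decoding.
    return {"urls": urls, "images": images, "lure": lure,
            "needs_image_review": images > 0 and lure and not urls}
```

Messages flagged with `needs_image_review` are the ones whose images should be passed to a QR decoder so the embedded URL can go through the same reputation checks as a text link.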
At CYBX, we can regularly perform phishing campaigns to assess how secure your business is against phishing. This includes the configuration of anti-spam as well as how good your employees are at identifying and properly handling phishing emails. If an employee makes a mistake, we can refer them to specified, free training to prevent that mistake from happening again.