A Rising Threat Costing Companies Millions Annually

IBM recently revealed in a study a sharp increase in the costs of cyberattacks resulting from traditional phishing operations. The average cost of data breaches for companies due to these attacks has risen by 10% in 2024, reaching $4.9 million. These attacks rely on using emails that contain malicious links aimed at stealing user data.

How Does Phishing via QR Codes Work?

One of the prominent forms of modern phishing is "Quishing" attacks, which involve sending emails that appear to come from trusted entities like banks or telecommunications companies. These messages include a QR code with instructions for users to scan it to verify their identity or update their account information. Artificial intelligence technologies, particularly large language models, have enhanced the effectiveness of these attacks, enabling attackers to create thousands of high-quality phishing messages that are free of grammatical errors and more convincing, making them harder to detect. The cost of these operations is extremely low, with the potential to produce 1,000 phishing messages in less than two hours for just $10.

Why Do Quishing Attacks Succeed?

These attacks are characterized by their simplicity and speed of execution, as well as the leniency users show towards QR codes. Individuals have become accustomed to scanning these codes without hesitation to quickly access services or information, making them more susceptible to falling into traps. The risks are compounded by free online tools that allow anyone to create QR codes that look entirely authentic, and their content cannot be distinguished until scanned. Moreover, these codes are used to direct users to fake websites that mimic original sites, where they are asked to provide sensitive data or have malware covertly installed on their devices.

Global Statistics Highlight the Severity of the Threat

A report from McAfee released last May indicated that over 20% of cyber fraud in the UK is linked to the use of QR codes. Additionally, data from the UK’s National Fraud and Cyber Crime Reporting Centre (Action Fraud) confirmed that reports of fraud using QR codes have more than doubled this year, underscoring the need for caution.