Threat actors are opportunistic and enterprising, continually looking for new ways to evade organisational security measures and manipulate targets. Indeed, it’s repeatedly been proven that if an element of email can be utilised for nefarious purposes, cybercriminals will learn how to exploit it. 

The result has been a decades-long cat-and-mouse game in which every advancement in email security has given rise to a corresponding shift in strategy from attackers. 

QR Code Attacks Make a Splash 

QR code phishing (“quishing”), the newest iteration of phishing, tricks targets into interacting with malicious QR codes and unwittingly revealing private information that can be used to compromise accounts and launch additional attacks. 

Although every employee is a potential quishing target, C-Suite executives receive 42 times more QR code attacks than the average employee. Cybercriminals also seem to have a favourite industry to target, with construction and engineering organisations experiencing quishing attacks at a rate 19 times higher than any other vertical.