How it works and types of attacks
QR Code attacks can be managed in two ways:
printed format
email template containing a QR code
This provides greater flexibility in how the attack is distributed.
The ability to carry out a QR code attack is available to companies that have purchased the "Phish Pro" add-on and have activated the corresponding licenses.
Note: The indicated add-on can only be activated after purchasing the "Phish Pro" component for the specific Organization. Activation for testing or trial purposes is not allowed. If needed, please contact our support team in advance.
Printed QR Code
To enable the QR code attack, you need to activate the "Enable QR code Attacks" toggle available in the "Company Management > Setup > Phishing" section.
Once the toggle is enabled, you will need to customize the QR code by associating it with the landing page you want to use.
To do this, select "Training Material," choose the desired company, and then "Template."
Then, in the menu that allows you to filter templates by type, select "Only QR code type templates."
The global template that appears must then be copied to the company where you want to use it.
To copy the template, simply click the pencil icon in the actions column and select the "Actions" section. At the bottom, a dropdown menu will show the company subdomains where the template can be copied.
Customizing the company QR code template
Once the template has been copied and becomes a "company template," you can customize it
By editing the email text that will be sent to the contact person containing the QR code to print
By choosing which landing page to associate
At this point, you can click on the "Release Management > Remediation > QR code Attack" section
NOTE: Although it is within the remediation panel, the QR Code campaign can be launched even if no campaigns have been run in Cyber Guru Phishing.
Start the QR code campaign
By clicking "Start" on the "QR code Attack" remediation type, a screen opens where you can view the template containing the QR code.
Select the customized QR code template, which will be sent only to the specified contact person. That person will then be responsible for printing and distributing the QR code.
In the "Date" section, you can set the duration of the campaign associated with the attack.
You will need to specify:
- Campaign start date: indicates the day from which user interactions with the QR code will be recorded on the platform.
-
Campaign duration: defines how long the system will record user interactions with the QR code.
⚠️ Any interaction after the set duration will not be recorded on the platform.
- Campaign start time: indicates the exact time (on the day set as the start date) when the campaign becomes active and user interactions with the QR code begin to be recorded on the platform.
-
Email sending duration: you must leave the default value PT2M. This field means that within two minutes of the set start date, the contact person will receive the QR code to print via email. For this reason, it is essential for the contact person to print and distribute the QR code as soon as possible to avoid losing days of tracking.
Alternatively, you can set a longer campaign duration to allow for any delays in printing and distribution.
In the "Target" section, you can enter the first name, last name, email, and language of the user (contact person) who should receive the QR code by email.
The QR code can also be sent to multiple contacts at the same time.
Do NOT enter the campaign targets in this section, as you are defining a QR code attack with no predetermined targets (anyone can scan the QR code).
Once the information is entered, the supervisor receives a QR Code that can be printed and physically distributed (the QR code will be sent within 2 minutes of the set start date)
Tracking QR code interactions
When a user scans the QR Code, they are redirected to a phishing link.
There are two levels of tracking available:
- Level 1: Anonymous tracking of the number of people who followed the link after scanning the QR Code.
-
Level 2: If the user enters information (e.g., username and password), the tracking becomes more detailed and can be configured to capture specific data fields. This second scenario can occur by adding an intermediate landing page after scanning the QR Code.
Note: Passwords entered are not saved unless the password capture option is explicitly enabled within the landing page.
Once remediation is complete, the data will be available in the "Statistics > Remediation Report" section.
Within the reports, you can view:
The IP address from which the click originated
Any information entered on the intermediate landing page
QR Code via email
A more advanced option that allows for greater traceability is sending QR Codes via email.
In this case, tracking is no longer anonymous, but detailed, just like any regular phishing email campaign.
We recommend using QR Code via email because it offers comprehensive tracking and more accurate results.
Email-type templates containing QR codes are automatically identified by the system with a specific type. If the phishing option to enable QR templates is active, they will automatically be suggested in campaigns, or you can force their inclusion.