Caught Off Guard: When Experts Fall for Quishing, Is Awareness Enough?

ABSTRACT

This study delves into social engineering vulnerabilities among cybersecurity experts, using an experimental approach. The motivation is to challenge the assumption that cybersecurity professionals are immune to social engineering attacks by examining their susceptibility to emerging threats like quishing, identifying gaps in current practices and training programs, and raising awareness about the risks posed to the general public. Two scenarios involving QR codes offering free training sessions and promotional hoodie giveaways were set up at and despite ethical considerations, the experiment yielded enlightening results: around 19% of participants interacted with the QR codes, questioning the perceived invulnerability of cybersecurity experts to such tactics. These results question the feasibility of traditional educational approaches in fully mitigating such risks, highlighting the need for updated and effective training, innovative strategies, and automated defenses to better protect both professionals and the general public from evolving social engineering threats.