Keepnet Labs Logo

Boosting Quishing Awareness 91% Success

Learn how Keepnet protects a global retailer from QR phishing attacks, saving costs and enhancing the organization's security culture.

Case Study: Mitigating the Risk of Phishing Attacks


A leading US-based retail company operated over 6,000 stores in 25 countries, employing approximately 27,000 people. The company integrated QR codes to connect offline and online shopping experiences, placing them alongside products, on payment kiosks, at storefronts, and on product packaging.

This strategy, however, introduced the threat of QR code phishing. With a large workforce, equipping employees to recognize and respond to these threats was essential.

The company looked for a security awareness training vendor capable of stopping QR phishing attacks. Keepnet was selected based on its inclusive security awareness approach, combining advanced technical defenses with a strong focus on employee training and awareness.

Successful Outcomes

  • Saved $89.500 per year from incident handling processes.

  • Prevented a $1,897,560 potential loss annually.

  • Improved their ability to recognize QR phishing by 91% in a year.

  • Reduced human risk score from 45% to 80%.

  • Increased training success from 57% to 94%.

Impact of QR Phishing Attacks

QR code phishing attacks pose substantial risks, considering the company's extensive international presence and the responsibility of managing human risk, which accounts for 95% of all cybersecurity incidents.

  • Legal Compliance Risks: Inadequate training of employees in recognizing and responding to QR code phishing attacks could lead to legal penalties and actions. This situation demands rigorous and consistent cybersecurity training.

  • Financial impact: QR code phishing attacks can lead to data breaches and potentially result in ransom demands. These incidents incur costs regarding incident response and mitigation and can lead to substantial financial losses.

  • Reputation at stake: Keeping customer trust is essential for a large brand. Any compromise in data integrity due to phishing attacks can severely damage the company's reputation among customers, employees, and business partners.

  • Operational disruptions: Responding to QR code phishing attacks requires significant resources and can disrupt regular business operations.

“In our retail operations, QR code usage was a top priority. Partnering with Keepnet Labs has been a strategic move to strengthen our defenses against QR code phishing. We focus on equipping our 27,000 employees across 6,000 stores with the necessary skills to identify and prevent these threats, ensuring our customers' safety and our brand's integrity."

- Noah Martin, CISO at US-based Retail Business

Potential Loss Prevented

The average loss per individual


Employees recognizing and reporting Quishing

from 77% to 88% in 1 year

The total potential loss prevented: $1,897,560 annually

Cost Saved From Incident Response

Avg. time to respond to a QR Code Phishing incident

from 6 hours to 2 minutes

The average cost of one staff

$60 per hour

The cost of a single Phishing incident reduced

from $360 to $2

The average number of Phishing incidents reported per year


The total estimated cost savings are $89,500 annually

(reducing the cost from $90.000 to $500).

How Keepnet Stepped In:

  • QR Code Phishing Simulation: Keepnet introduced QR code phishing simulations to assess and improve the employees' readiness against QR code phishing attacks. The QR phishing simulator provided practical, hands-on experience, enabling employees to better recognize QR code phishing attacks.

  • Focused Security Awareness Training: Keepnet implemented a targeted security awareness training program to address QR code phishing attacks.

  • Expert Consultation: Keepnet provided the company with ongoing consultation, offering insights into emerging threats and assisting in creating targeted phishing campaigns.

  • Strengthened Reporting Culture: Keepnet trained the company's employees in proper reporting mechanisms and provided phishing reporting add-ins to employees. This empowered staff to report any suspicious activities promptly, enabling swift incident response and resolution.

  • Ensuring Regulatory Compliance: The regular simulated phishing tests and security awareness training sessions conducted by Keepnet ensured that the company remained compliant with relevant cybersecurity regulations. This compliance minimized the risk of penalties and legal consequences associated with regulatory breaches.

  • Behavior-Based Automated Security Training: Keepnet' system is designed to monitor closely how employees handle cybersecurity. If it spots any wrong actions, it automatically sends that person specific training. This training focuses on the exact mistakes they made.

Operational Results

  • Trained 27,000 employees worldwide, boosting security awareness.

    Improved risk score from 45% to 80%, strengthening cybersecurity posture.

  • Reduced human risk score from 80% to 45%, strengthening cybersecurity posture.

  • Achieved a 91% success rate in identifying and reporting phishing attempts.

  • Increased training success from 57% to 94%, demonstrating effective training methods.

Strategic Results

  • Saved $89,500 from the incident handling process per year.

  • Prevented a $1,897,560 potential loss annually.

  • Ensured adherence to cybersecurity regulations, enhancing organizational reassurance.

  • Improved cybersecurity defenses through an effective incident response plan.

Schedule your 30-minute demo now

You'll learn how to:
tickCreate effective quishing campaigns to improve threat response skills.
tickCustomize quishing templates to suit your business needs and enhance awareness.
tickTrack user behaviors and generate quishing risk scores to benchmark your industry performance.

Schedule your 30-minute demo now

You'll learn how to:
tickAutomate behaviour-based security awareness training for employees to identify and report threats: phishing, vishing, smishing, quishing, MFA phishing, callback phishing!
tickAutomate phishing analysis by 187x and remove threats from inboxes 48x faster.
tickUse our AI-driven human-centric platform with Autopilot and Self-driving features to efficiently manage human cyber risks.
iso 27017 certificate
iso 27018 certificate
iso 27001 certificate
ukas 20382 certificate
Cylon certificate
Crown certificate
Gartner certificate
Tech Nation certificate