Skip to main content
All CollectionsuPhishQR code phishing
How to create a QR code phishing simulation
How to create a QR code phishing simulation

Learn how to send out phishing simulation emails equipped with QR codes to your users.

Anna Cunningham avatar
Written by Anna Cunningham
Updated over a week ago

Here's how to create a new phishing simulation to send out QR code-equipped emails - also known as 'quishing' - to test your end users.

Please set up Message Injection in Microsoft 365 or Google Workspace to ensure your simulated phishing email will reach your end users.

Getting started

To get started, find the Create Simulation page through the top menu in the usecure app.

Select uPhish -> Create Simulation in the usecure top menu bar.

Step One - Choose your landing page

First, you will need to choose a landing page for your simulated QR code phishing campaign. You will see pre-built uPhish templates on this page, but if you have created custom landing pages you can see them by scrolling down to the Your Saved Templates section.

You can filter landing pages by language and region to easily find the ones most suitable for your needs.

Step Two - Choose an email template equipped with QR codes, or create your own

You can find QR code templates by typing 'QR' into the search bar.

Step Three - Configure your simulation

Now you're able to configure your simulation by editing the following:

  • Simulation name

  • Subject line

  • Sender name, email address and domain

You can use the "Use a custom sender email address" toggle to use any email address you wish. However, using an unverified email address may reduce deliverability. Send a test email from the bottom of the page to check deliverability on your system.

Step Four - Finish setting up your simulation

Choose your users, schedule your simulation launch date, and optionally include inline training for compromised users. Our QR code training modules provide perfect in-line training options for QR simulations.

The Preferred delivery method option is available if you have configured Message Injection - please note if Message Injection fails, emails will fall back to regular mail (via SMTP).

Step Five - Keep track of user response

Select uPhish -> View simulations, and then select your simulation to view open and compromise rates, as well as find individual users.

Next steps

Did this answer your question?