Securio Launches Practical Email Training Replicating New Cyber Attacks 'ClickFix' and 'QR Phishing'
LRM Inc. has added functions to its security education cloud 'Securio' to simulate 'ClickFix' and 'QR Phishing' attacks, helping organizations build a security culture against AI-enhanced threats.
📋 Article Processing Timeline
- 📰 Published: April 23, 2026 at 20:00
- 🔍 Collected: April 23, 2026 at 11:31
- 🤖 AI Analyzed: April 24, 2026 at 01:23 (13h 51m after Collected)
LRM Inc. (Kobe, Hyogo; CEO Tetsuya Yukimatsu), provider of the security education cloud 'Securio', has released email training functions simulating the rapidly increasing cyber threats 'ClickFix attacks' and 'QR phishing (phishing using QR codes)' as new features of Securio.
ClickFix attacks and QR phishing are cyber attacks targeting 'human judgment' and are characterized by being difficult to detect with traditional security products. This training function aims to change people's awareness and behavior, supporting the improvement of security across the entire organization.
### Background: Cyber Threats Targeting 'Human Judgment' Bypassing Detection
Currently, two attack methods that cleverly bypass conventional security software and email filters are increasing rapidly. These methods can lead to malware infection or theft of authentication information by inducing transitions to fake sites or the execution of specific operations. They are a significant threat, especially in the financial, manufacturing, and real estate industries.
**ClickFix:** A method of leading users to malicious sites or CAPTCHA screens via email, giving instructions through fake warnings such as 'Please fix the error', and making the users execute malicious commands themselves.
**QR Phishing/Quishing:** A method of leading users to malicious fake sites by having them read a 2D code on a separate device instead of clicking a URL link in the email body, thereby bypassing PC security detection.
These cannot be prevented by traditional education such as 'do not click links in suspicious emails'. In an era where AI instantly generates malicious email text and fake sites, it is essential for each employee to correctly understand 'what threats exist now' and respond appropriately.
By utilizing this training function, we promote the formation of a 'security culture' where everyone in the organization can appropriately prevent cyber attacks, realizing improved organizational security.
### Overview of 'ClickFix' and 'QR Phishing' Training Functions
In Securio's targeted attack email training function, the following two types of training are now possible:
1. **ClickFix Training:** You can send emails simulating ClickFix attacks to employees. If an employee clicks a link in the email, a fake system error screen is displayed. If they follow the instructions and perform a specific operation, a page revealing it as a training exercise is shown.
2. **QR Phishing Training:** You can send emails simulating QR phishing to employees. If an employee reads the QR code in the email with another device such as a smartphone, a page revealing it as a training exercise is shown.
### Benefits of Implementation
1. **Implement Training Aligned with Prevailing Cyber Attacks:** Training tailored to the latest threat trends can be implemented with minimal self-creation cost. Employees can experience the risk of cyber attacks using methods different from traditional common email attacks in a safe environment. By actually experiencing new attack methods during daily work, employees can acquire the judgment to avoid becoming victims of cyber attacks.
2. **Visualize the Points Where Trainees Were Tricked:** You can visualize who operated up to which stage and identify points that should be focused on for education. Securio allows for a seamless transition from training to education.
ClickFix attacks and QR phishing are cyber attacks targeting 'human judgment' and are characterized by being difficult to detect with traditional security products. This training function aims to change people's awareness and behavior, supporting the improvement of security across the entire organization.
### Background: Cyber Threats Targeting 'Human Judgment' Bypassing Detection
Currently, two attack methods that cleverly bypass conventional security software and email filters are increasing rapidly. These methods can lead to malware infection or theft of authentication information by inducing transitions to fake sites or the execution of specific operations. They are a significant threat, especially in the financial, manufacturing, and real estate industries.
**ClickFix:** A method of leading users to malicious sites or CAPTCHA screens via email, giving instructions through fake warnings such as 'Please fix the error', and making the users execute malicious commands themselves.
**QR Phishing/Quishing:** A method of leading users to malicious fake sites by having them read a 2D code on a separate device instead of clicking a URL link in the email body, thereby bypassing PC security detection.
These cannot be prevented by traditional education such as 'do not click links in suspicious emails'. In an era where AI instantly generates malicious email text and fake sites, it is essential for each employee to correctly understand 'what threats exist now' and respond appropriately.
By utilizing this training function, we promote the formation of a 'security culture' where everyone in the organization can appropriately prevent cyber attacks, realizing improved organizational security.
### Overview of 'ClickFix' and 'QR Phishing' Training Functions
In Securio's targeted attack email training function, the following two types of training are now possible:
1. **ClickFix Training:** You can send emails simulating ClickFix attacks to employees. If an employee clicks a link in the email, a fake system error screen is displayed. If they follow the instructions and perform a specific operation, a page revealing it as a training exercise is shown.
2. **QR Phishing Training:** You can send emails simulating QR phishing to employees. If an employee reads the QR code in the email with another device such as a smartphone, a page revealing it as a training exercise is shown.
### Benefits of Implementation
1. **Implement Training Aligned with Prevailing Cyber Attacks:** Training tailored to the latest threat trends can be implemented with minimal self-creation cost. Employees can experience the risk of cyber attacks using methods different from traditional common email attacks in a safe environment. By actually experiencing new attack methods during daily work, employees can acquire the judgment to avoid becoming victims of cyber attacks.
2. **Visualize the Points Where Trainees Were Tricked:** You can visualize who operated up to which stage and identify points that should be focused on for education. Securio allows for a seamless transition from training to education.