KnowBe4's Q3 2023 global phishing report finds that HR-related email topics continue to be used as a phishing strategy, accounting for more than 50 percent of top email topics. The report shows clear, dangerous trends.
The results of KnowBe4's third quarter 2023 phishing report show clear attack trends. They include the most clicked email topics in phishing tests and reflect the use of business-related HR messages as well as popular seasonal messages that can pique employees' interest and influence their workday.
Phishing emails – old but dangerous
Phishing emails remain one of the most common methods to carry out malicious attacks on companies worldwide. In fact, the KnowBe4 Phishing by Industry Benchmarking Report 2023 showed that almost one in three users click on a suspicious link or follow up on a fraudulent request. For this reason, cybercriminals continue to innovate and refine their strategies to stay up to date with current trends and tactics to capture the attention of end users and ultimately outwit them. This leads cybercriminals to alter the subject lines of phishing emails to make them appear more credible. At the same time, they exploit emotions by creating urgency, confusion, and desperation to get employees to click on a malicious phishing link or download an attachment.
The last two quarters have seen a steady trend of cybercriminals using HR email topics, including dress code changes, training and vacation notices. These emails are very effective because they can prompt a person to respond before they can think about the legitimacy of the email. They have the potential to impact employees’ personal lives and everyday work lives.
Employees often fall for bait
Phishing emails were also sent around holidays and seasonal events this quarter. Four of the top five holiday emails were Halloween and fall themed, used as bait to convince unsuspecting end users. Additionally, the report reflects the ongoing trend toward the use of IT and online service notifications and tax-related email topics.
“The ongoing trend of disguising emails as if they came from an internal department such as HR is particularly dangerous for companies, because these emails appear to come from a trustworthy, reliable source,” says Stu Sjouwerman, CEO of KnowBe4. “These malicious emails exploit employee trust and create vulnerabilities within an organization that can potentially lead to its downfall. KnowBe4's phishing test reports demonstrate the importance of security training that educates end users about the latest and most common cyberattacks and threats. A well-trained workforce is essential to fostering a strong security culture and is an organization’s best defense for staying safe online.”
More at KnowBe4.com
About KnowBe4
KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 60,000 companies around the world. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new approach to security education. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.