Results of a major phishing test show a trend towards business-related emails. KnowBe4 releases Q3 2022 Global Phishing Report and finds that more business-related email topics are being used as a phishing strategy.
KnowBe4, provider of the world's largest security training and phishing simulation platform, announces the results of its report on the top clicks on phishing emails in Q3 2022. Results include the top email topics clicked in phishing tests. They reflect the shift from personal to business-related email topics, including internal inquiries and updates from HR, IT, and managers.
19% bypass Exchange Online Protection and Defender
The Check Point research team found that nearly 19% of phishing emails bypass Microsoft Exchange Online Protection (EOP) and Defender to get into users' inboxes. This is an important indicator that technology and email filtering cannot be used as the sole method of protecting against malicious email.
Business phishing emails have always been and continue to be effective because they can affect a user's workday and routine. This quarter's phishing test results show that 40 percent of email topics are HR-related. This creates a sense of urgency in users to act quickly, sometimes before thinking logically and taking the time to question the legitimacy of the email.
This year's Phishing Survey also found that phishing links in the body of an email were the most common this quarter. These combined tactics can have devastating consequences for businesses, leading to a variety of cyberattacks such as ransomware and business email compromise.
Phishing: Business-related emails now number 1
This quarter's phishing test shows not only a shift towards more business-related email, but also a move away from using personal email, e.g. from social media. In fact, the Q3 phishing report is the first this year in which social networking or social media sites are not among the top email subject categories.
"As phishing emails evolve and become more sophisticated, it's more important than ever for organizations to provide security training to all employees," said Stu Sjouwerman, CEO of KnowBe4. "Phishing emails disguised as internal communications are of particular concern as they are sure to grab users' attention and typically prompt an action. Employee security training helps combat phishing and malicious emails by educating users on what to look out for - it's key to creating a healthy level of skepticism to better protect an organization and build up a stronger culture of security."
About KnowBe4
KnowBe4, provider of the world's largest platform for security awareness training and simulated phishing, is used by more than 52,000 companies around the world. KnowBe4 helps companies address the human side of security by raising awareness of malware such as ransomware trojans, CEO fraud and other social engineering scams through a novel approach to security awareness training.