SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

HR emails top phishing tactics in KnowBe4's Q2 2024 report

Thu, 8th Aug 2024

KnowBe4 has released its Q2 2024 top-clicked phishing report, which highlights ongoing trends in the email subjects most frequently clicked on in phishing tests. The report underscores the persistent effectiveness of HR business-related messages in provoking employee interaction, potentially leading to harmful outcomes for individuals and organisations.

Phishing emails continue to be a prevalent tool for cybercriminals seeking to execute malicious attacks on a global scale. These actors frequently evolve their methods to align with current market trends, aiming to outsmart end-users and organisations. Their tactics often exploit human emotions by eliciting feelings such as urgency, confusion or excitement in recipients, encouraging them to click on malicious links or open harmful attachments. This threat’s gravity is further reflected in KnowBe4's 2024 Phishing by Industry Benchmarking Report, which indicates that roughly one in three users is likely to interact with suspicious links or comply with fraudulent requests.

Over the past year, HR-related email subjects have become increasingly popular among cybercriminals. Common themes include dress code changes, training notifications, and vacation updates. According to the report, these subjects are particularly effective because they prompt recipients to react impulsively, potentially compromising their personal and professional lives.

Another growing concern identified in the report is the inclusion of QR codes in phishing emails. Cybercriminals are increasingly using these codes to extract sensitive information or steal money. Prominent email subjects that prompt employees to scan these QR codes include multi-factor authentication (MFA) migrations, HR reminders, and password expiration notifications. The data also shows a consistent trend in using IT and online service notifications and tax-related email subjects to deceive recipients.

Stu Sjouwerman, CEO of KnowBe4, commented on the evolving nature of phishing tactics: "Phishing tactics are ever-evolving and continue to pose a significant threat to organisations worldwide. We're seeing cybercriminals adapt their strategies at an alarming speed. The continuous rise in HR-related phishing emails is especially troubling, as they target the very foundation of organisational trust. Moreover, the increase of QR codes in phishing attempts adds another layer of complexity to these threats."

Sjouwerman emphasised the importance of security awareness training in combating these threats: "In this environment, it's crucial for organisations to prioritise comprehensive security awareness training. By educating employees about these and other emerging tactics, and cultivating a strong security culture, organisations can mitigate the human risk that exists within."

KnowBe4's Q2 2024 top-clicked phishing report serves as a vital reminder of the evolving landscape of cyber threats, particularly those related to HR communications and the increasing use of QR codes. As cybercriminals refine their approaches to exploit human behaviour, it becomes essential for organisations to stay informed about these trends.
