SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
HR related email subjects dominate phishing trends
Thu, 19th Oct 2023

KnowBe4 has found that HR-related email subjects dominate cyber-attack trends, comprising over 50% of top email subjects.

KnowBe4, the provider of the world's most significant security awareness training and simulated phishing platform, has announced the results of its Q3 2023 top-clicked phishing report.

The results include the top email subjects clicked on in phishing tests and reflect the use of HR business-related messages as well as popular seasonal messages that pique the interest of employees and may affect their workday. 

Phishing emails continue to be one of the most common and effective methods of perpetrating malicious attacks on organisations around the globe. KnowBe4's 2023 Phishing by Industry Benchmarking Report revealed that nearly one in three users will likely click on a suspicious link or comply with a fraudulent request.

Because of this, cybercriminals remain innovative and refine their strategies to stay up-to-date with current trends and use tactics to grab end users' attention and ultimately outsmart them. 

This results in cybercriminals changing phishing email subjects to be more believable while preying on emotions by creating urgency, confusion and distress to get employees to click on a malicious phishing link or download an attachment.

The steady trend over the last two quarters of cybercriminals using email subjects that appear to come from HR includes messages related to dress code changes, training notifications, vacation updates and more.

These are effective because they may cause a person to react before thinking logically about the email's legitimacy, and because they have the potential to affect an employee's personal life and professional workday.

Holiday and seasonal phishing email subjects were also used this quarter, with four of the five top holiday email subjects related to Halloween and northern hemisphere autumn/fall items used as bait to incentivise unsuspecting end users. Additionally, the report reflects the consistent trend of using IT and online service notifications and tax-related email subjects. 

Stu Sjouwerman, CEO of KnowBe4, says: "The continued trend of disguising emails as coming from an internal department such as HR is especially dangerous to organisations because they appear to be coming from a trusted, reliable source." 

"These malicious emails take advantage of employee trust and create vulnerabilities within an organisation that could result in its downfall." 

"KnowBe4's phishing test reports emphasise the importance of new-school security awareness training that educates end users on the latest and most common cyber attacks and threats. An educated workforce is essential to fostering a strong security culture and is an organisation's best defence to stay safe online." 

KnowBe4 is used by more than 65,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. 

Organisations rely on KnowBe4 to mobilise their end users as their last line of defence and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.