SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
KnowBe4: half of malicious email subjects are HR related
Wed, 26th Jul 2023

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, has announced its Q2 2023 top-clicked phishing report results.

The results include the top email subjects clicked on in phishing tests and reflect the use of HR business-related messages that pique the interest of employees and can potentially affect them.  

Phishing emails continue to be one of the most common and effective methods of perpetrating malicious attacks on organisations around the globe.

Cybercriminals are constantly refining their strategies to stay up-to-date with market trends and outsmart end users and organisations by creating phishing email subjects that are realistic and believable. 

KnowBe4 states they prey on emotions and aim to cause distress, confusion, panic or even excitement to entice someone to click on a phishing link or malicious attachment.

KnowBe4's 2023 Phishing by Industry Benchmarking Report revealed that nearly one in three users would likely click on a suspicious link or comply with a fraudulent request.  

Phishing tactics are changing, with cybercriminals increasingly using email subjects that appear to come from HR and relate to dress code changes, training notifications, vacation updates and more.

KnowBe4 says these are effective because they may cause a person to react before thinking logically about the email's legitimacy and have the potential to impact an employee's personal life and professional workday.  

Holiday phishing email subjects were also utilised this quarter, with four of the five top holiday email subjects coming from HR. Incentives referring to national holidays globally, such as Juneteenth and the Fourth of July, holiday celebrations and schedule changes were used as bait for unsuspecting end users. 

Additionally, the report reflects the consistent trend of utilising IT and online service notifications and tax-related email subjects. 

Stu Sjouwerman, the CEO of KnowBe4, says: "The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible."

"The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR, a trusted and crucial department of so many, if not all, organisations." 

"These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organisation."

"New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats. An educated workforce is an organisation's best defence and is essential to fostering and maintaining a strong security culture," says Sjouwerman. 

KnowBe4 is used by over 60,000 organisations worldwide. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security.