KnowBe4, a leading cybersecurity platform focusing on human risk management, has recently released its Q3 2024 Phishing Report. The report sheds light on the most commonly clicked email subjects in simulated phishing tests, highlighting the effectiveness of HR and IT-related phishing attempts in today’s digital landscape.
According to the findings of the Q3 2024 Phishing Report, HR and IT-related phishing emails account for a significant 48.6% share of the top-clicked phishing types globally. Despite the continuous evolution of tactics by cybercriminals, phishing emails remain a prevalent tool for carrying out cyberattacks. The report also indicates that approximately one in three users is susceptible to interacting with malicious links or fraudulent requests, underscoring the importance of raising awareness and enhancing cybersecurity practices within organizations.
Cybercriminals exploit this vulnerability by crafting deceptive phishing emails that tap into human emotions, invoking a sense of urgency to deceive recipients into clicking on malicious links or opening harmful attachments. These phishing emails often appear authentic and align with current trends, making it challenging for individuals to discern between legitimate and malicious communications.
One of the primary threats highlighted in the report is the use of email-embedded phishing links as the preferred attack vector. These malicious links, along with PDF attachments and spoofed domains, frequently lead to severe cyberattacks such as ransomware incidents and business email compromise schemes. The report also notes a surge in phishing campaigns leveraging QR codes, with popular subjects including HR policy review reminders, urgent DocuSign requests, and Zoom meeting invitations. These messages, masquerading as legitimate communications from internal departments or external sources, pose significant risks as they can be easily replicated by malicious actors.
Stu Sjouwerman, CEO of KnowBe4, emphasized the evolving sophistication of phishing tactics, particularly the exploitation of employees’ trust in internal communications. Sjouwerman highlighted the prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, as contributing to a complex threat landscape. He also stressed the importance of a well-trained workforce and a robust security culture in combating avoidable cyber threats, and the critical role of human risk management in building a strong defense against cyberattacks.
To access a copy of the Q3 2024 KnowBe4 Phishing Report infographic, interested individuals can visit the official link provided by the organization. KnowBe4 is dedicated to empowering workforces worldwide to make informed security decisions, with a focus on enhancing security culture and managing human risk. Through its AI-driven ‘best-of-suite’ platform for Human Risk Management, KnowBe4 aims to create an adaptive defense layer that strengthens user behavior against evolving cybersecurity threats. The platform includes modules for awareness and compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more, offering personalized cybersecurity protection content and tools to bolster organizations’ cybersecurity posture.
With over 70,000 organizations relying on KnowBe4’s services globally, the platform stands as a vital resource in transforming workforces from potential vulnerabilities into valuable assets in the ongoing battle against cyber threats.