KnowBe4, the leading provider of security awareness training and simulated phishing platforms, has released its Q2 2023 top-clicked phishing report. This report highlights the email subjects that were most clicked on in phishing tests and demonstrates the use of HR business-related messages to target unsuspecting employees.
Phishing emails continue to be a prevalent method used by cybercriminals to perpetrate malicious attacks on organizations worldwide. These criminals constantly refine their strategies to keep up with market trends and outsmart end users and organizations. They create phishing email subjects that are realistic and believable, often preying on emotions to cause distress, confusion, panic, or excitement in order to entice someone to click on a phishing link or open a malicious attachment.
KnowBe4’s 2023 Phishing by Industry Benchmarking Report found that nearly one in three users are likely to click on a suspicious link or comply with a fraudulent request. This alarming statistic shows the effectiveness of phishing tactics and the need for organizations to prioritize security awareness training for their employees.
In recent times, phishing tactics have evolved to include email subjects related to HR matters such as dress code changes, training notifications, and vacation updates. These subjects are effective because they prompt individuals to respond quickly, before thinking logically about the legitimacy of the email. Furthermore, these emails have the potential to impact both an employee’s personal life and their professional workday.
The Q2 2023 report also highlights the use of holiday-related email subjects, with four out of the top five holiday subjects appearing to come from HR. Cybercriminals used incentives related to national holidays like Juneteenth and the Fourth of July, as well as holiday celebrations and schedule changes, to lure unsuspecting users. Additionally, the report reveals the consistent trend of using IT and online service notifications, as well as tax-related subjects, to trick recipients.
Stu Sjouwerman, CEO of KnowBe4, emphasizes the concerning nature of these trends. He states, “The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible.” Sjouwerman expresses particular concern about the rise of phishing emails appearing to come from HR, as this department is trusted and crucial to many organizations. These disguised emails take advantage of employee trust and often lead individuals to take actions that can have disastrous outcomes for the entire organization.
Sjouwerman highlights the importance of new-school security awareness training for employees to combat phishing and malicious emails effectively. By educating users about the most common cyber attacks and threats, organizations can empower their employees to recognize and respond appropriately to suspicious emails. An educated workforce serves as the best defense against phishing attempts and plays a vital role in fostering and maintaining a strong security culture.
The Q2 2023 KnowBe4 Phishing Report can be downloaded from the company’s website. It provides an infographic summarizing the key findings of the report.
KnowBe4, founded by IT and data security specialist Stu Sjouwerman, is trusted by over 60,000 organizations worldwide. The company helps address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through its innovative approach to security awareness training. KnowBe4’s training is designed based on the well-documented social engineering tactics of internationally recognized cybersecurity specialist Kevin Mitnick, who serves as the company’s Chief Hacking Officer. Numerous organizations rely on KnowBe4 to empower their end users as the last line of defense against cyber threats.
