Email phishing has caused problems for individuals and businesses for well over a decade, but how do fraudsters continue to see success? KnowBe4, the security awareness training and simulated phishing platform provider, has revealed the top email subjects clicked on in its latest phishing test report.
The KnowBe4 2023 Phishing by Industry Benchmarking Report reveals that nearly one in three (33.1 per cent) users are likely to click on a suspicious link or comply with a fraudulent request via email.
The security awareness firm explained that phishing emails continue to be one of the most common and effective methods of perpetrating malicious attacks on organisations worldwide. Cybercriminals are constantly refining their strategies to stay up-to-date with market trends and outsmart end users and organisations by creating phishing email subjects that are realistic and believable.
Fraudsters often prey on emotions and aim to cause distress, confusion, panic or even excitement in order to entice someone to click on a phishing link or malicious attachment.
Phishing tactics are changing, with cybercriminals increasingly using email subjects that appear to come from HR and relate to dress code changes, training notifications, vacation updates and more. These are effective because they have the potential to impact an employee’s personal life and professional workday, and may cause a person to react before thinking logically about the legitimacy of the email.
Fraudsters also utilised holiday phishing email subjects this quarter, with four out of the five top holiday email subjects appearing to have come from HR. Incentives referring to national holidays such as ‘Juneteenth’ and the Fourth of July, holiday celebrations and schedule changes were used as bait for unsuspecting end users. Additionally, the report reflects the consistent trend of utilising IT and online service notifications as well as tax-related email subjects.
“An educated workforce is an organisation’s best defence”
Stu Sjouwerman, CEO of KnowBe4, offered more insight into the report’s findings: “The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible.
“The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50 per cent of these emails appear to come from HR – a trusted and crucial department of so many, if not all organisations.
“These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organisation.
“New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats. An educated workforce is an organisation’s best defence and is essential to fostering and maintaining a strong security culture.”