HR and IT related emails are the top choices for phishing scams

KnowBe4’s Q1 2024 global phishing report finds that HR and IT related email subjects account for more than 42% and 30% of top phishing email subjects respectively.

  • Tuesday, 21st May 2024 Posted 7 months ago in by Phil Alsop

KnowBe4 has published the results of its Q1 2024 top-clicked phishing test report. The results include the most common email subjects clicked on in phishing tests, reflecting the persistent use of HR or IT-related business email messages that captivate employees’ interests.

Phishing emails continue to be one of the most common methods for executing cyberattacks on organisations worldwide. KnowBe4’s 2023 Phishing by Industry Benchmarking Report reveals that nearly one third of users are susceptible to clicking on malicious links or complying with fraudulent requests. As a result, cybercriminals take advantage of this vulnerability and leverage the innovative tools available to them, such as AI, to come up with increasingly sophisticated messages to outsmart users. These bad actors tailor phishing email strategies to appear more legitimate in their requests and trick employees by inciting an emotional response and urgency to click on a malicious link or download an infected attachment.

HR-related phishing attacks take the top spot at 42%, a trend that has persisted for the last three quarters, followed by IT-related phishing emails at 30%. Phishing emails from HR or IT departments that prompt dress code changes, tax and healthcare updates, training notifications and other similar actions are effective in deceiving employees as they can affect a user’s work, evoke an immediate response and can cause a person to react before thinking about the validity of the email.

The KnowBe4 phishing report this quarter also noted more personal phishing email attacks, such as tax, healthcare and ApplePay, that could affect users' sensitive information. These types of attacks are effective because they cause a person to react to a potentially alarming topic and engage to protect their private information before thinking logically about the credibility of the email.

“KnowBe4’s report shows that cybercriminals are becoming increasingly tactical in exploiting employee trust by using HR-related phishing emails due to their seemingly legitimate source,” said Stu Sjouwerman, CEO of KnowBe4. “Emails coming from an internal department such as HR or IT are especially harmful to organisations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities. A well-trained workforce is therefore crucial in building a strong security culture and serves as the best defence in safeguarding organisations against preventable cyberattacks.”

Beacon, NY, Dec 20, 2024– DocuWare unveils its AI-powered Intelligent Document Processing (DocuWare IDP), bringing about unprecedented improvements...
85% of IT decision makers surveyed reported progress in their companies’ 2024 AI strategy, with 47% saying they have already achieved positive ROI.

MSPs will invest in more AI security forecasting

Posted 1 week ago by Phil Alsop
Predictive maintenance and forecasting for security and failures will be a growing area for MSPs with an interest in security, says Nicole Reineke,...

Machine identities next big target for cyberattacks

Posted 1 week ago by Phil Alsop
Venafi has published the findings of its latest research report: The Impact of Machine Identities on the State of Cloud Native Security in 2024....
Nearly 50% of organisations have experienced a security breach in the last two years.

IT professionals recognise lack of gender diversity

Posted 1 week ago by Phil Alsop
The majority (87 percent) of IT professionals agree that there is a lack of gender diversity in the sector, yet less than half (41 percent) of...

A moving landscape for MSPs

Posted 1 week ago by Phil Alsop
2025 predictions from Ranjan Singh, chief product officer at Kaseya.

Data breach epidemic takes its toll

Posted 1 week ago by Phil Alsop
New study by Splunk shows that a significant number of UK CISOs are stressed, tired, and aren’t getting adequate time to relax.