KnowBe4 announced the results of its Q3
2023 top-clicked phishing report. The results include the top email
subjects clicked on in phishing tests and reflect the use of HR
business-related messages as well as popular seasonal messages that
pique interest from employees and may affect their work day.
Phishing emails continue to be one of the most common methods to
effectively perpetuate malicious attacks on organizations around the
globe. In fact, KnowBe4's 2023 Phishing by Industry Benchmarking Report revealed
that nearly one in three users are likely to click on a suspicious link
or comply with a fraudulent request. Because of this, cybercriminals
remain innovative and refine their strategies to stay up-to-date with
current trends and use tactics in order to grab the attention of end
users to ultimately outsmart them. This results in cybercriminals
changing phishing email subjects to be more believable while preying on
emotions by inflicting urgency, confusion and distress in order to get
employees to click on a malicious phishing link or download an
attachment.
This steady trend from the last two quarters of cybercriminals using
email subjects coming from HR include messages related to dress code
changes, training notifications, vacation updates and more. These are
effective because they may cause a person to react before thinking
logically about the legitimacy of the email and have the potential to
impact an employee's personal life and professional workday.
Holiday and seasonal phishing email subjects were also utilized this
quarter with four out of the five top holiday email subjects related to
Halloween and fall items that are used as bait to incentivize
unsuspecting end users. Additionally, the report reflects the consistent
trend of utilizing IT and online service notifications as well as
tax-related email subjects.
"The continued trend of disguising emails as coming from an internal
department such as HR is especially dangerous to organizations because
they appear to be coming from a trusted, reliable source," Stu
Sjouwerman, CEO, KnowBe4. "These malicious emails take advantage of
employee trust and create vulnerabilities within an organization that
could potentially result in its downfall. KnowBe4's phishing test
reports emphasize the importance of new-school security awareness
training that educates end users on the latest and most common cyber
attacks and threats. An educated workforce is essential to fostering a
strong security culture and is an organization's best defense to stay
safe online."
To download a copy of the Q3 2023 KnowBe4 Phishing Report infographic, visit here.