SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New Zealand
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
Email Security
#
Phishing
Half of top malicious email subjects are HR related – report
Wed, 26th Jul 2023
Author image
By Shannon Williams, Journalist
Follow us

Phishing test results have revealed half of the top malicious email subjects are HR related.

KnowBe4 has announced the results of its Q2 2023 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the use of HR business-related messages that pique interest from employees and can potentially affect them.
 
Phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organisations around the globe. Cybercriminals are constantly refining their strategies to stay up-to-date with market trends and outsmart end users and organisations by creating phishing email subjects that are realistic and believable. They prey on emotions and aim to cause distress, confusion, panic or even excitement in order to entice someone to click on a phishing link or malicious attachment. 

The KnowBe4 2023 Phishing by Industry Benchmarking Report revealed that nearly one in three users are likely to click on a suspicious link or comply with a fraudulent request.
 
According to the report, phishing tactics are changing with the increasing trend of cybercriminals using email subjects coming from HR related to dress code changes, training notifications, vacation updates and more. These are effective because they may cause a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday.
 
In the US, for example, holiday phishing email subjects were also utilised this quarter with four out of the five top holiday email subjects appearing to have come from HR. Incentives referring to national holidays such as Juneteenth and the Fourth of July, holiday celebrations and schedule changes were used as bait for unsuspecting end users. Additionally, the report reflects the consistent trend of using IT and online service notifications as well as tax-related email subjects.
 
"The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible," says Stu Sjouwerman, CEO, KnowBe4. 

"The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR a trusted and crucial department of so many, if not all organisations," he says. 

"These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organisation," Sjouwerman says. 

"New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats," he says.

"An educated workforce is an organisations best defense and is essential to fostering and maintaining a strong security culture."

Related stories
Smarttech247 & SentinelOne launch AI-powered cybersecurity for SMEs
GitHub's 2FA initiative helps secure software supply chain
Jason Haddix joins Flare as Field Chief Information Security Officer
AI tools linked to data exposure in 1 in 5 UK organisations
Trend Micro introduces AI-driven cyber risk management features
Top stories
Zscaler introduces enhanced ZDX service for improved IT operations
The importance of cybersecurity training for software developers
HID acknowledged as Leader in Gartner Magic Quadrant for Indoor Location Services
Exclusive: How Darktrace is tackling AI-driven cybersecurity
Record ransomware attacks in March 2024, report finds