SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
IT and online services emails drive dangerous attack trend
Wed, 19th Apr 2023
FYI, this story is more than a year old

A new global phishing report has found more IT- and online services-related email subjects are used as a phishing strategy.

Security awareness training and simulated phishing platform KnowBe4 has announced the results of its Q1 2023 top-clicked phishing report. 

The results include the top email subjects clicked on in phishing tests and reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.  

According to KnowBe4, phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organisations around the globe. 

KnowBe4 is the provider of a security awareness training and simulated phishing platform that is used by more than 56,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. 

Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. 

"Cybercriminals are always refining their strategies to stay one step ahead of end users and organisations by changing phishing email subjects to be more believable," the company says. 

"They prey on emotions and aim to cause distress or confusion in order to entice someone to click. 

"Phishing tactics are changing with the increasing trend of cybercriminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more," it says.

"These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed."

The report found holiday phishing email subjects were also used this quarter with incentives such as a change in schedule, gift card and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1.  

“Cybercriminals are constantly increasing the damage they cause to organisations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” says Stu Sjouwerman, Chief Executive Officer at KnowBe4. 

“Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical," he says. 

"Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”