SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image

KnowBe4 report finds rise in HR & IT email phishing

Tue, 10th Dec 2024

KnowBe4's Q3 2024 Phishing Report highlights the prevalence of HR and IT-related emails in phishing attempts, with a notable rise in QR code phishing.

According to the report, HR and IT-related phishing emails account for a significant 48.6% of top-clicked phishing types globally. Despite the evolving techniques employed by cybercriminals, phishing emails continue to serve as a common method for executing cyberattacks. The 2024 Phishing by Industry Benchmarking Report shares that approximately one in three users might engage with malicious links or fraudulent requests, highlighting the cunning nature of these threats which exploit human emotions and the sense of urgency.

The report identifies email-embedded phishing links as the primary attack vector. These malicious links, along with PDF attachments and spoofed domains, are capable of causing substantial harm, such as ransomware attacks and business email compromise, when users interact with them. Additionally, there has been a marked increase in phishing campaigns using QR codes as a tool. Frequently encountered QR code phishing subjects include HR reminders about policy reviews, DocuSign emails requiring urgent document signing, and Zoom meeting invitations. Such messages may falsely appear as communications from HR, colleagues, or external vendors, thus presenting a significant risk.

Stu Sjouwerman, CEO of KnowBe4, commented on these findings, "Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications. The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritising human risk management, organisations can effectively build a formidable defence against avoidable cyberthreats."

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X