KnowBe4, the provider of simulated phishing platform, has released the most frequently clicked phishing methods, including the top email subjects clicked on in phishing tests. Half of those had subject lines related to HR, including vacation policy updates, dress code changes, and upcoming performance reviews. The other top category was IT requests, including password verifications needed immediately. Test results are available on KnowBe4’s website.
Why are business phishing emails growing in popularity?
By now most people know that if they receive a text message confirming an $1800 order they never placed, or telling them they’ve just won a new grill, they shouldn’t click on it.
But what if it’s from their Human Resources Department about an upcoming performance review? Or, what if the attachment is a draft of a Strategic Plan that mentions their name?
Business phishing emails are effective because, left unanswered, they could affect the user’s daily work, enticing employees to react before thinking logically about the email’s legitimacy.
The email source may be hidden by a spoofed domain, making it even easier to miss, and may even have the company name and logo (sometimes even the employee’s name) in the email body. Most include a phishing hyperlink in the email or a PDF attachment.
What were the executive’s thoughts on the study?
“We already know that more than 80% of company data breaches globally come from human error. New-school security awareness training your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognise a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking,” said Stu Sjouwerman, KnowBe4’s CEO.
“That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface,” Stu added.
To download a copy of the KnowBe4 Phishing Infographic, visit KnowBe4