Highlights:

  • According to the third quarter phishing report by KnowBe4, phishing emails remain a prevalent technique employed to carry out malicious attacks on organizations worldwide.
  • Human resources emails deal with matters directly impacting an employee’s daily work and personal life, often leading to quick and impulsive responses.

According to a recent report published by KnowBe4 Inc., a security awareness training company, cyber attackers continue to use human resources-related email subjects as a primary strategy. These subjects account for over 50% of the phishing emails that recipients are most likely to click on.

According to the third quarter phishing report by KnowBe4, phishing emails remain a prevalent technique employed to carry out malicious attacks on organizations worldwide. A previous KnowBe4 report found that one in three users is prone to clicking on suspicious links or complying with fraudulent requests.

Phishing emails are malicious attempts by hackers to deceive users into revealing confidential information, often by imitating reputable entities. The effectiveness of these emails is heavily dependent on their credibility.

According to KnowBe4’s research, HR-related subjects, like notifications about training schedules, dress code changes, and vacation updates, are particularly effective bait. The reasoning is straightforward: human resources emails deal with matters directly impacting an employee’s daily work and personal life, often leading to quick and impulsive responses.

The report highlights that employees clicking on HR-related emails without a second thought is not a recent development. Over the past two quarters, a consistent trend has shown cybercriminals progressively using HR-themed phishing attempts. The strategy capitalizes on employees’ trust in internal communications, making it more likely that the recipient will engage with the malicious content.

The report also highlights the use of seasonal email subjects. KnowBe4 identified an increase in phishing emails themed around Halloween and fall. Despite the seemingly harmless nature of these emails, their familiarity can lull users into a false sense of security, causing them to lower their guard.

IT notifications, online service alerts, and tax-related topics became popular themes in phishing emails. This highlights cybercriminals’ preference for mimicking authoritative or urgent communications. These messages tend to prompt immediate responses, as the consequences of ignoring them can be significant.

“The continued trend of disguising emails as coming from an internal department such as HR is especially dangerous to organizations because they appear to be coming from a trusted, reliable source,” said Stu Sjouwerman, KnowBe4’s Chief Executive.