HR-related phishing scams are the type most preferred by cybercriminals, accounting for 42% of cyberattacks, followed by IT-related phishing emails at 30%. KnowBe4’s latest phishing report indicates that phishing emails from HR or IT departments that prompt dress code changes, tax and healthcare updates, training notifications and other similar actions are effective in deceiving employees because they can affect a user’s work, evoke an immediate response and cause a person to react before thinking about the validity of the email.
The report indicates that nearly a third of internet users are susceptible to clicking on malicious links or complying with fraudulent requests. It also indicates that phishing emails are the most common method for executing cyberattacks on individuals and organizations worldwide.
As a result, cybercriminals take advantage of this vulnerability and leverage the innovative tools available to them, such as AI, to come up with increasingly sophisticated messages to outsmart users. These bad actors tailor phishing email strategies to appear more legitimate in their requests and trick employees by inciting an emotional response and urgency to click on a malicious link or download an infected attachment.
“KnowBe4’s report shows that cybercriminals are becoming increasingly tactical in exploiting employee trust by using HR-related phishing emails due to their seemingly legitimate source. Emails coming from an internal department such as HR or IT are especially harmful to organizations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities.
“A well-trained workforce is therefore crucial in building a strong security culture and serves as the best defense in safeguarding organizations against preventable cyberattacks,” said KnowBe4 CEO Stu Sjouwerman.

This quarter’s KnowBe4 phishing report also noted more personal phishing email attacks, such as tax, healthcare and Apple Pay, that could affect users’ sensitive information. These types of attacks are effective because they cause a person to react to a potentially alarming topic and engage to protect their private information before thinking logically about the credibility of the email.