UPDATED 20:28 EST / OCTOBER 18 2023

SECURITY

Human resources emails remain top phishing targets

A new report released today by security awareness training company KnowBe4 Inc. finds that human resources-related email subjects remain a principal strategy among cyberattackers, accounting for more than half of the top-clicked phishing email subjects.

The KnowBe4 third quarter phishing report found that phishing emails continue to be one of the most common methods to perpetuate malicious attacks on organizations around the globe. A previous report from KnowBe4 found that one in three users is likely to click on a suspicious link or comply with a fraudulent request.

Phishing emails are malicious attempts by hackers to trick users into divulging sensitive information, typically by mimicking trusted entities. The effectiveness of these emails relies significantly on their believability.

KnowBe4’s research found that HR-related subjects, such as notifications about dress code modifications, training schedules and vacation updates, are particularly effective bait. The rationale is logical: HR emails touch on topics that directly affect an employee’s day-to-day work and personal life, prompting swift and often impulsive actions.

This report notes that the pattern of employees clicking on HR-related emails without thinking twice isn’t particularly new. Over the last two quarters, there has been a consistent trend wherein cybercriminals have increasingly adopted HR-themed phishing attempts. The strategy of these cybercriminals is to capitalize on the inherent trust employees place in internal communications, increasing the likelihood of the recipient interacting with the malicious content.

Also of interest in the report is the use of seasonal email subjects. KnowBe4 found a rise in phishing emails centered around Halloween and fall themes. Although such emails may seem benign, their familiarity can create a sense of security, leading users to drop their guard.

Information technology notifications, online service alerts and tax-related subjects also remained popular in phishing emails, emphasizing a preference among cybercriminals for mimicking authoritative or urgent communications. Such messages are more likely to evoke immediate responses, given the potential implications of ignoring them.

“The continued trend of disguising emails as coming from an internal department such as HR is especially dangerous to organizations because they appear to be coming from a trusted, reliable source,” said KnowBe4 Chief Executive Stu Sjouwerman.

Image: DALL-E 3

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU