UPDATED 20:28 EDT / OCTOBER 18 2023

SECURITY

Human resources emails remain top phishing targets

A new report released today by security awareness training company KnowBe4 Inc. finds that human resources-related email subjects remain a principal strategy among cyberattackers, accounting for more than half of the top-clicked phishing email subjects.

The KnowBe4 third-quarter phishing report found that phishing emails continue to be one of the most common methods used to perpetrate malicious attacks on organizations around the globe. A previous report from KnowBe4 found that one in three users is likely to click on a suspicious link or comply with a fraudulent request.

Phishing emails are malicious attempts by hackers to trick users into divulging sensitive information, typically by mimicking trusted entities. The effectiveness of these emails relies significantly on their believability.

KnowBe4’s research found that HR-related subjects, such as notifications about dress code modifications, training schedules and vacation updates, are particularly effective bait. The rationale is logical: HR emails touch on topics that directly affect an employee’s day-to-day work and personal life, prompting swift and often impulsive actions.

The report notes that the pattern of employees clicking on HR-related emails without thinking twice isn’t particularly new. Over the last two quarters, there has been a consistent trend in which cybercriminals have increasingly adopted HR-themed phishing attempts. Their strategy is to capitalize on the inherent trust employees place in internal communications, increasing the likelihood that the recipient interacts with the malicious content.

Also of interest in the report is the use of seasonal email subjects. KnowBe4 found a rise in phishing emails centered around Halloween and fall themes. Although such emails may seem benign, their familiarity can create a sense of security, leading users to drop their guard.

Information technology notifications, online service alerts and tax-related subjects also remained popular in phishing emails, emphasizing a preference among cybercriminals for mimicking authoritative or urgent communications. Such messages are more likely to evoke immediate responses, given the potential implications of ignoring them.

“The continued trend of disguising emails as coming from an internal department such as HR is especially dangerous to organizations because they appear to be coming from a trusted, reliable source,” said KnowBe4 Chief Executive Stu Sjouwerman.

Image: DALL-E 3
