IT disaster recovery, cloud computing and information security news

Half of the top malicious email subjects are now related to HR

Details

KnowBe4 has announced the results of its Q2 2023 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the use of HR business-related messages to gain interest from employees.

Phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organizations around the globe. Cybercriminals are constantly refining their strategies to stay up-to-date with market trends and outsmart end users and organizations by creating phishing email subjects that are realistic and believable. They prey on emotions and aim to cause distress, confusion, panic, or even excitement in order to entice someone to click on a phishing link or malicious attachment.

Phishing tactics are changing with the increasing trend of cybercriminals using email subjects coming from HR related to dress code changes, training notifications, vacation updates and more. These are effective because they may cause a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday.

In the US, for example, holiday phishing email subjects were also used this quarter with four out of the five top holiday email subjects appearing to have come from HR. Incentives referring to national holidays such as Juneteenth and the Fourth of July, holiday celebrations and schedule changes were used as bait for unsuspecting end users. Additionally, the report reflects the consistent trend of using IT and online service notifications as well as tax-related email subjects.

“The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible,” said Stu Sjouwerman, CEO, KnowBe4. “The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50 percent of these emails appear to come from HR – a trusted and crucial department of so many, if not all, organizations. These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organization.”

More details (PDF).


Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

Root Cause Analysis
The Impact Tolerance Guide

Additional Resources

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.