Attacks in phishing emails with a business, IT and HR focus are becoming increasingly dangerous, according to new research.
KnowBe4, a provider of a security awareness training and simulated phishing platform, today announced the results of its Q3 top-clicked phishing report.
“Social engineering attacks continue to be one of the top ways malicious hackers breach organisations and/or cause damage,” says Stu Sjouwerman, chief executive officer at KnowBe4.
“We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns," he says.
"By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”
According to the research, the top 10 email categories globally include:
- Business
- Online Services
- Human Resources
- IT
- Banking and Finance
- Coronavirus/COVID-19 Phishing
- Mail Notifications
- Phishing for Sensitive Information
- Social Networking
- Brand Knockoffs
Top phishing email subjects were also broken out, comparing those in different regions across the globe. In Q3 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. In the United States, most of the email subjects appear to originate from the users' organisation. However, in EMEA, the top subjects are related to users' everyday tasks.
KnowBe4 also reviewed ‘in-the-wild' email subject lines that show actual emails users received and reported to their IT departments as suspicious.
According to the research, the top phishing email subjects include:
In the United States:
Vacation Policy Update
Password Check Required Immediately
Important: Dress Code Changes
Acknowledge Your Appraisal
Remote Working Satisfaction Survey
In EMEA:
Your Document is Complete - Save Copy
Stefani has endorsed you!
You have requested a reset to your LinkedIn password
Windows 10 Upgrade Error
Internet Capacity Warning
Common “In-the-Wild” attacks:
IT: Odd emails from your account
IT: Upcoming Changes
HR: Remote Working Satisfaction Survey
Facebook: Your Facebook access has been temporarily disabled for identity check
Twitter: Potential Twitter Account Compromise
KnowBe4 is provider of the world's largest security awareness training and simulated phishing platform, which is used by more than 41,000 organisations around the globe.
Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 aims helps organisations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security.
Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's chief hacking officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence.