Story image

Attacks in phishing emails with business, IT and HR focus becoming increasingly dangerous

By Shannon Williams, Thu 4 Nov 2021

Attacks in phishing emails with a business, IT and HR focus are becoming increasingly dangerous, according to new research.

KnowBe4, a provider of a security awareness training and simulated phishing platform, today announced the results of its Q3 top-clicked phishing report.  

“Social engineering attacks continue to be one of the top ways malicious hackers breach organisations and/or cause damage,” says Stu Sjouwerman, chief executive officer at KnowBe4. 

“We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns," he says.

"By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”  

According to the research, the top 10 email categories globally include:

  • Business 
  • Online Services 
  • Human Resources 
  • IT 
  • Banking and Finance 
  • Coronavirus/COVID-19 Phishing 
  • Mail Notifications 
  • Phishing for Sensitive Information 
  • Social Networking 
  • Brand Knockoffs 

Top phishing email subjects were also broken out, comparing those in different regions across the globe. In Q3 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. In the United States, most of the email subjects appear to originate from the users’ organisation. However, in EMEA, the top subjects are related to users’ everyday tasks. 

KnowBe4 also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. 

According to the research, the top phishing email subjects include:

In the United States:

Vacation Policy Update 
Password Check Required Immediately 
Important: Dress Code Changes 
Acknowledge Your Appraisal 
Remote Working Satisfaction Survey  

In EMEA:

Your Document is Complete - Save Copy 
Stefani has endorsed you! 
You have requested a reset to your LinkedIn password 
Windows 10 Upgrade Error 
Internet Capacity Warning  

Common “In-the-Wild” attacks:  

IT: Odd emails from your account 

IT: Upcoming Changes 

HR: Remote Working Satisfaction Survey 

Facebook: Your Facebook access has been temporarily disabled for identity check 

Twitter: Potential Twitter Account Compromise  

KnowBe4 is provider of the world’s largest security awareness training and simulated phishing platform, which is used by more than 41,000 organisations around the globe. 

Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 aims helps organisations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. 

Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's chief hacking officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence. 

Recent stories
More stories