More and more IT- and online services-related email subjects are being utilised as phishing strategies by cybercriminal, according to KnowBe4’s latest quarterly global phishing report.
The results of the Q1 2023 report include the top email subjects clicked on in phishing tests and reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.
Phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organisations around the globe, says KnowBe4. Cybercriminals are always refining their strategies to stay one step ahead of end users and organisations by changing phishing email subjects to be more believable. They prey on emotions and aim to cause distress or confusion in order to entice someone to click.
Phishing tactics are changing with the increasing trend of cybercriminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts, and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
Holiday phishing email subjects were also utilised this quarter with incentives such as a change in schedule, gift card, and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the US prepared for tax season in Q1.
“Cybercriminals are constantly increasing the damage they cause to organisations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” says Stu Sjouwerman, CEO of KnowBe4. “Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical.
“Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors,” Sjouwerman says.