Phishing emails remain a prevalent and effective tool for cybercriminals to launch malicious attacks on organisations worldwide.
These bad actors continuously evolve their tactics, adapting to current market trends and outsmarting both end users and organisations by crafting phishing email subjects that appear authentic and credible, according to KnowBe4’s Q2 2024 top-clicked phishing report.
Their strategies often exploit human emotions, aiming to elicit feelings of urgency, confusion, anxiety, or even excitement, all in an attempt to lure recipients into clicking on malicious links or opening harmful attachments.
The severity of this threat is underscored by KnowBe4’s 2024 Phishing by Industry Benchmarking Report, which reveals that approximately one out of every three users is prone to interacting with suspicious links or complying with fraudulent requests.
HR related email subjects have become increasingly popular as a phishing tactic with cybercriminals over the last year, particularly those relating to dress code changes, training notifications, vacation updates and more. These are effective because they may provoke a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee’s personal life and professional workday.
QR codes included in phishing emails are a growing concern with cybercriminals attempting to use these to extract sensitive information or steal money from unsuspecting employees and organisations. Prominent email subjects promting employees to scan QR codes included MFA migrations, reminders from HR, and password expiration notifications.
Additionally, the data reflects the consistent trend of utilising IT and online service notifications as well as tax-related email subjects.
“Phishing tactics are ever evolving and continue to pose a significant threat to organizations worldwide,” says Stu Sjouwerman, CEO of KnowBe4. “We’re seeing cybercriminals adapt their strategies at an alarming speed. The continuous rise in HR related phishing emails is especially troubling, as they target the very foundation of organisational trust.
“Moreover, the increase of QR codes in phishing attempts adds another layer of complexity to these threats. In this environment, it’s crucial for organisations to prioritize comprehensive security awareness training. By educating employees about these and other emerging tactics, and cultivating a strong security culture, organizations can mitigate the human risk that exists within.”