HR and IT are among top-clicked phishing subjects
A new report reveals that HR and IT-related phishing emails claim a significant 48.6 percent share of top-clicked phishing types globally.
The research from KnowBe4 also shows that among large companies -- 1,000+ employees -- the most targeted industries are healthcare and pharmaceuticals with a Phish-Prone Percentage (PPP) of 51.4 percent, insurance on 48.8 percent and energy and utilities on 47.8 percent.
Medium businesses see hospitality move into the top spot with a PPP of 39.7 percent, healthcare and pharmaceuticals on 38.8 percent and the consulting industry in the top three for the first time with a PPP of 36.2 percent.
Smaller firms with under 250 staff again have healthcare and pharma at the number one spot, with a PPP of 34.7 percent. Education is second on 32.4 percent, slightly more than one point lower than the previous year, with hospitality third on a PPP of 31.2 percent.
Email-embedded phishing links continue to be the attack vector of choice. These malicious links, PDF attachments and spoofed domains, when interacted with, often result in disastrous cyberattacks, including ransomware attacks and business email compromise. The report also reveals a surge in phishing campaigns using QR codes. Popular QR code phishing subjects include HR reminders for policy reviews, DocuSign emails to sign an urgent document, and Zoom meeting invitations.
"Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications," says Stu Sjouwerman, CEO of KnowBe4. "The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial -- they are essential. By prioritizing human risk management, organizations can effectively build a formidable defence against avoidable cyberthreats."
You can get the full report from the KnowBe4 site.