KnowBe4's Q3 Phishing Report reveals the most deceptive email subjects users click, indicating HR and IT-related emails account for nearly half of top-clicked phishing emails
KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q3 2024 Phishing Report. This quarter's findings reveal the most frequently clicked email subjects in simulated phishing tests, demonstrating the continued efficacy of HR and IT-related phishing attempts.
KnowBe4’s Q3 2024 Phishing Report reveals that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. KnowBe4's 2024 Phishing by Industry Benchmarking Report reveals that about one in three users is susceptible to interacting with malicious links or fraudulent requests. Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into clicking malicious links or opening harmful attachments.
The report spotlights the ongoing threat posed by email-embedded phishing links, which continue to be the top attack vector of choice. These malicious links, PDF attachments and spoofed domains, when interacted with, often result in disastrous cyberattacks, including ransomware attacks and business email compromise. The report also reveals a surge in phishing campaigns leveraging QR codes. Popular QR code phishing subjects include HR reminders for policy reviews, DocuSign emails to sign an urgent document, and Zoom meeting invitations. These messages, often masquerading as communication from HR, colleagues or external vendors, pose substantial risks as they can easily be replicated by malicious actors.
"Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications," said Stu Sjouwerman, CEO of KnowBe4. "The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritizing human risk management, organizations can effectively build a formidable defense against avoidable cyberthreats."
To download a copy of the Q3 2024 KnowBe4 Phishing Report infographic, visit here.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization’s biggest asset.
