KnowBe4 Finds Increasingly Dangerous Attacks in Phishing Emails With Business, IT and HR Focus

Rhea-AI Summary

On October 28, 2021, KnowBe4 released its Q3 phishing report, highlighting the rise of social engineering attacks targeting organizations. CEO Stu Sjouwerman emphasized the increasing sophistication of phishing tactics, focusing on common HR communications rather than traditional social media scams. The report detailed that the top phishing email categories globally were Business, Online Services, and Human Resources. Notably, the U.S. and EMEA regions exhibited different trends in phishing email subjects, underscoring the need for enhanced security awareness training among staff.

Positive

• KnowBe4 has over 41,000 organizations using its security awareness training platform.
• Highlights the importance of security awareness, providing data to help organizations improve their defenses against phishing.
• Increasing sophistication of phishing attacks shows the relevance and demand for KnowBe4's training services.

Negative

• None.

TAMPA BAY, Fla., Oct. 28, 2021 /PRNewswire/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today announced the results of its Q3 top-clicked phishing report.

"Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage," said Stu Sjouwerman, CEO, KnowBe4. "We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns. By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click."

Top 10 Email Categories Globally:
1.       Business
2.       Online Services
3.       Human Resources
4.       IT
5.       Banking and Finance
6.       Coronavirus/COVID-19 Phishing
7.       Mail Notifications
8.       Phishing for Sensitive Information
9.       Social Networking
10.     Brand Knockoffs

Top phishing email subjects were also broken out, comparing those in the U.S. to those in Europe, the Middle East and Africa (EMEA). In Q3 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. In the U.S., most of the email subjects appear to originate from the users' organization. However, in EMEA, the top subjects are related to users' everyday tasks. The organization also reviewed 'in-the-wild' email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top Phishing Email Subjects:
The U.S.
1.       Vacation Policy Update
2.       Password Check Required Immediately
3.       Important: Dress Code Changes
4.       Acknowledge Your Appraisal
5.       Remote Working Satisfaction Survey

EMEA
1.       Your Document is Complete - Save Copy
2.       Stefani has endorsed you!
3.       You have requested a reset to your LinkedIn password
4.       Windows 10 Upgrade Error
5.       Internet Capacity Warning

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

Common "In-the-Wild" attacks:

•  IT: Odd emails from your account
•  IT: Upcoming Changes
•  HR: Remote Working Satisfaction Survey
•  Facebook: Your Facebook access has been temporarily disabled for identity check
•  Twitter: Potential Twitter Account Compromise

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

For more information on KnowBe4, visit www.knowbe4.com.

About KnowBe4
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 41,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

Media Contact 
Amanda Tarantino
Public Relations Officer
KnowBe4
amandat@knowbe4.com

View original content to download multimedia:https://www.prnewswire.com/news-releases/knowbe4-finds-increasingly-dangerous-attacks-in-phishing-emails-with-business-it-and-hr-focus-301410791.html

SOURCE KnowBe4

FAQ

What did KnowBe4 report in Q3 2021 regarding phishing attacks?

KnowBe4's Q3 2021 report revealed a rise in phishing attacks, focusing on business, HR, and IT communications.

How many organizations use KnowBe4's services?

KnowBe4 is used by over 41,000 organizations globally for security awareness training.

What are the top categories of phishing emails according to KnowBe4?

The top categories of phishing emails include Business, Online Services, Human Resources, and IT.

What was the focus of phishing attacks in the U.S. compared to EMEA?

The U.S. phishing attacks were more related to users' organizations, while EMEA focused on everyday tasks.

Who is the CEO of KnowBe4?

Stu Sjouwerman is the CEO of KnowBe4.