KnowBe4 Report Finds More Users Are Falling for Security and HR-Related Phishing Attacks
KnowBe4, a leader in security awareness training, published its Q2 2021 phishing report, revealing a notable rise in phishing attacks centered on HR topics. Key findings indicate that phishing emails about new workplace policies are increasing, while COVID-19-related scams have declined as users become more savvy. LinkedIn phishing remains prevalent, making up 41% of social media phishing attempts. The report analyzed tens of thousands of email subjects, showing a mix of simulated and reported phishing attempts. With over 39,000 organizations using KnowBe4's platform, employee training plays a crucial role in cybersecurity.
- Increase in demand for security awareness training correlated with rising phishing attacks targeting HR topics.
- KnowBe4's established position as a trusted provider, with over 39,000 organizations utilizing its training services.
- Rising phishing attacks may indicate a failure in current security awareness measures.
- Specific focus on workplace policy changes may exploit employee anxieties, creating potential security risks.
TAMPA BAY, Fla., July 13, 2021 /PRNewswire/ -- KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, today revealed the results of its Q2 2021 top-clicked phishing report.
There has been a significant rise in phishing email attacks related to HR topics, particularly regarding new policies that would affect all employees throughout organizations. Real phishing emails about password checks, aimed at security-minded users and reported to IT departments, remain popular. One subject area that has dropped off dramatically is messages related to COVID-19. End users have become more savvy about scams related to that topic. Social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at
"With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks," said Stu Sjouwerman, CEO, KnowBe4. "These days, it is especially important for all end users to take a moment to double check a link or attachment and to question whether the email is expected or unexpected. Employees are truly an organization's last line of defense. They can be the difference between a successful attack and an unsuccessful one with proper security awareness training and testing."
In Q2 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also reviewed 'in-the-wild' email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.
Top 10 General Email Subjects:
- Password Check Required Immediately
- Vacation Policy Update
- Important: Dress Code Changes
- ACH Payment Receipt
- Test of the [[company_name]] Emergency Notification System
- Scheduled Server Maintenance -- No Internet Access
- COVID-19 Remote Work Policy Update
- Scanned image from MX2310U@[[domain]]
- Security Alert
- Failed Delivery
*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
When investigating 'in-the-wild' email subject lines, KnowBe4 found the most common throughout Q1 2021 included:
- Zoom: Important issue
- IT: Information Security Policy Review
- Mastercard: Confirmation: Your One-Time Password
- Facebook: Your account has been temporarily locked
- Google: Take action to secure your compromised passwords
- Microsoft: Help us protect you - Turn on 2-step verification to protect your account
- Docusign: Lucile Green requests you to sign Mandatory Security Training documents
- Internship Program
- IT: Remote working missing updates
- HR: Electronic Implementation of new HRIS
*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.
For more information on KnowBe4, visit www.knowbe4.com.
About KnowBe4
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 39,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.
Media Contact
Amanda Tarantino
Public Relations Officer
KnowBe4
amandat@knowbe4.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/knowbe4-report-finds-more-users-are-falling-for-security-and-hr-related-phishing-attacks-301332265.html
SOURCE KnowBe4