Intelligent CXO Issue 39 | Page 19

INFOGRAPHIC
Phishing emails continue to be one of the most common methods for executing cyberattacks on organisations worldwide. KnowBe4’s 2023 Phishing by Industry Benchmarking Report reveals that nearly one-third of users are susceptible to clicking on malicious links or complying with fraudulent requests. As a result, cybercriminals take advantage of this vulnerability and leverage the innovative tools available to them, such as AI, to come up with increasingly sophisticated messages to outsmart users. These bad actors tailor phishing email strategies to appear more legitimate in their requests and trick employees by inciting an emotional response and urgency to click on a malicious link or download an infected attachment.
HR related phishing attacks take the top spot at 42%, a trend that has persisted for the last three quarters, followed by IT related phishing emails at 30%. Phishing emails from HR or IT departments that prompt dress code changes, tax and healthcare updates, training notifications and other similar actions are effective in deceiving employees as they can affect a user’s work, evoke an immediate response and can cause a person to react before thinking about the validity of the email.
The KnowBe4 phishing report this quarter also noted more personal phishing email attacks, such as tax, healthcare and ApplePay, that could affect users’ sensitive information. These types of attacks are effective because they cause a person to react to a potentially alarming topic and engage to protect their private information before thinking logically about the credibility of the email.
“KnowBe4’s report shows that cybercriminals are becoming increasingly tactical in exploiting employee trust by using HR related phishing emails due to their seemingly legitimate source,” said Stu Sjouwerman, CEO of KnowBe4. “Emails coming from an internal department such as HR or IT are especially harmful to organisations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities. A well-trained workforce is therefore crucial in building a strong security culture and serves as the best defence in safeguarding organisations against preventable cyberattacks.”