'Cybercriminals becoming increasingly tactical in exploiting employee trust,' says expert
HR-related email subjects are the most-used subjects for phishing emails across the world, according to a new report.
KnowBe4's Q1 2024 Phishing by Industry Benchmarking Report revealed that email subjects seemingly coming from HR departments made up 42% of all phishing email subjects globally.
IT-related email subjects come in second, with 30%.
Source: KnowBe4
Stu Sjouwerman, CEO of KnowBe4, said cybercriminals are becoming "increasingly tactical in exploiting employee trust" for using HR-related phishing emails.
"Emails coming from an internal department such as HR or IT are especially harmful to organisations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities," Sjouwerman said in a statement.
According to the report, the top five vector types, or the way attackers enter a network or system, include emails with:
"The #1 vector for the past quarter from our phishing tests and those seen in the wild are phishing links in the email body," the report said. "When these links are clicked, they often lead to disastrous cyberattacks such as ransomware and business email compromise."
Overall, nearly a third of users in KowBe4's report are susceptible to clicking a malicious link or complying with fraudulent requests.
This further escalates business leaders' previous concerns that their next cybersecurity breach will likely be from internal staff error.
"A well-trained workforce is therefore crucial in building a strong security culture and serves as the best defence in safeguarding organisations against preventable cyberattacks," Sjouwerman said.