'These emails take advantage of employee trust and typically incite action that can result in disastrous outcomes'
Phishing attacks disguised as emails from the HR department continue to bait employees across the world, a survey finds. Half (50%) of the top phishing email subjects globally pretend to come from an organisation's HR department, according to KnowBe4’s 2023 Phishing by Industry Benchmarking Report.
KnowBe4 CEO Stu Sjouwerman said the trend of phishing emails that appear to come from HR is "especially concerning."
"These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organisation."
The full list includes:
The list is more diverse than the phishing email subjects from KnowBe4's report last year. This time, malicious emails also appear to come from IT and managers, and are even disguised as tax-related emails.
"These attacks are effective because they could potentially affect users' daily work, and cause a person to react before thinking logically about the legitimacy of the email," KnowBe4 said in an infographic.
There are also phishing emails disguised as holiday, event, and survey messages from the HR department, according to the report. They include:
Various organisations across the world are reporting that they are being targeted by cyberattacks, and some executives are growing concerned that their company could be next.
In a survey from EisnerAmper, 71% of business leaders believe that their next cybersecurity breach will be because of an internal staff error.
KnowBe4's report confirmed this fear is plausible, as it found that 33.2% of untrained employees will likely click a phishing email.
Educating employees on the most common cyberattacks and threats will be crucial in fighting phishing and malicious emails, according to Sjouwerman.
"An educated workforce is an organisation's best defence and is essential to fostering and maintaining a strong security culture," he said.