QR codes in phishing emails also on the rise, KnowBe4 warns
Phishing emails with HR-related subjects continue to victimise employees across the world, according to the latest data from KnowBe4.
Its top-clicked phishing report for the second quarter revealed that phishing emails having HR-related (42%) and IT-related (30%) subjects continue to target employees.
"These attacks continue to be effective as they can affect a user's work, evoke an immediate response, and can cause a person to react before thinking about the validity of the email," the report read.
Source: KnowBe4's Q2 2024 top-clicked phishing report
These findings indicate that phishing tactics are "ever-evolving" and continue to pose a threat to organisations, according to Stu Sjouwerman, CEO at KnowBe4.
"We're seeing cybercriminals adapt their strategies at an alarming speed. The continuous rise in HR-related phishing emails is especially troubling, as they target the very foundation of organisational trust," Sjouwerman said.
Use of QR codes growing
Meanwhile, the report also warned about the growing use of QR codes in phishing emails across the world.
"Prominent email subjects prompting employees to scan QR codes included MFA migrations, reminders from HR, and password expiration notifications," KnowBe4 said in its media release.
Sjouwerman, citing Trend Micro, previously wrote in a blog that organisations need to be aware of the threat posed by QR code phishing, or quishing.
"A QR code phishing, or quishing attack, is a modern social engineering cyber-attack technique manipulating users into giving away personal and financial information or downloading malware. It targets C-level executives and the highest strategic roles within a company," researchers at Trend Micro said, as quoted by the CEO.
QR codes don't use a text-based link so they are able to slip past email security filters to target humans directly, according to researchers.
Sjouwerman said the growing use of QR codes in phishing attempts adds "another layer of complexity to these threats."
"In this environment, it's crucial for organisations to prioritise comprehensive security awareness training. By educating employees about these and other emerging tactics, and cultivating a strong security culture, organisations can mitigate the human risk that exists within," he said.
