KnowBe4 report uncovers HR and IT emails as top phishing targets
May 27, 2024
Joy Agwunobi
A recent report from KnowBe4 has revealed that HR and IT-related email subjects are the top baits in phishing attacks, making up 42 percent and 30 percent of clicked subjects, respectively. The findings point to the alarming reality of a growing trend in AI-powered phishing attacks targeting businesses and their employees.
The report, a product of KnowBe4’s role as a leading security awareness training and simulated phishing platform, is focused on simulated phishing tests conducted during the first quarter of 2024.
According to the report, phishing emails that appear to come from HR or IT departments often prompt employees to take action on topics such as dress code changes, tax and healthcare updates, training notifications and similar matters. They are effective in deceiving employees because they appear legitimate and urgent, provoking an immediate response and causing a person to react before thinking about the validity of the email.
“HR continues to take the top spot with 42 per cent of the business-related subjects. Another major theme is IT-related subjects at 30 per cent. These attacks continue to be effective as they can affect a user’s work, evoke an immediate response and can cause a person to react before thinking about the validity of the email,” the report stated.
KnowBe4 also reported a rise in personal phishing email attacks targeting sensitive information related to tax, healthcare, and ApplePay. It noted that these types of attacks are effective because they cause a person to react to a potentially alarming topic and engage to protect their private information before thinking logically about the credibility of the email.
According to the report, phishing links embedded within email bodies remain the leading attack vector employed in their phishing security tests for the past quarter. It noted that clicking on such links can expose organisations to various cyberattacks, including ransomware and business email compromise. Additionally, the report observed that IT-related messages discussing migrations and passwords effectively captured employees’ attention, as they sought to understand new procedures. Furthermore, Amazon shipment-related emails were also found to be effective in engaging users, due to their relevance and urgency.
The 2023 Phishing by Industry Benchmarking Report by KnowBe4 also revealed a concerning statistic that almost one-third of users are prone to clicking on malicious links or falling victim to fraudulent requests. It revealed that this vulnerability has been exploited by cybercriminals who utilise cutting-edge technologies such as AI to devise increasingly phishing strategies.
With phishing emails remaining a primary method for executing cyberattacks on organisations globally, the report serves as a wake-up call for businesses to prioritise employee awareness and education on identifying and reporting phishing attempts.
Stu Sjouwerman, CEO of KnowBe4, stressed that cybercriminals are becoming more tactical in exploiting employee trust by using HR-related phishing emails due to their seemingly credible source.
According to Sjouwerman, emails coming from an internal department such as HR or IT are especially harmful to organisations since they appear to be coming from a trusted source and can convince employees to engage quickly before confirming their legitimacy, exposing the company to security vulnerabilities.
He suggested the establishment of a well-trained workforce as a primary defence strategy in protecting organisations from preventable cyberattacks. The CEO also stressed the importance of investing in continuous security awareness training and promoting a culture of shared responsibility among employees to safeguard digital assets, ultimately strengthening an organisation’s overall security posture.