Regardless of how obvious a phishing attempt may be, some employees will still happily click away, putting themselves and their organization at risk of data theft.
This is according to a new report from cybersecurity firm KnowBe4, which claims phishing email attacks related to HR topics (for example, an email discussing new policies affecting everyone in a company) are still highly successful.
Phishing emails that invite victims to change their “compromised” passwords are also quite popular.
On the other hand, the number of phishing attempts that play on a Covid-19-related themes has dropped significantly, as employees became increasingly alert to the threat.
“With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks,” said Stu Sjouwerman, CEO, KnowBe4.
“These days, it is especially important for all end users to take a moment to double-check a link or attachment and to question whether the email is expected or unexpected. Employees are truly an organization’s last line of defense. They can be the difference between a successful attack and an unsuccessful one with proper security awareness training and testing.”
Analyzing in-the-wild phishing email subject lines, KnowBe4 found these to be most prevalent:
- Zoom: Important issue
- IT: Information Security Policy Review
- Mastercard: Confirmation: Your One-Time Password
- Facebook: Your account has been temporarily locked
- Google: Take action to secure your compromised passwords
- Microsoft: Help us protect you - Turn on 2-step verification to protect your account
- Docusign: Lucile Green requests you to sign Mandatory Security Training documents
- Internship Program
- IT: Remote working missing updates
- HR: Electronic Implementation of new HRIS