CIO Influence

KnowBe4: Employees Most Frequently Fall for Emails That Look Like They Came From Human Resources or IT

In phishing tests conducted on business emails, more than half of the subject lines clicked imitated Human Resources communications

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has released the most frequently clicked phishing methods, including the top email subjects clicked on in phishing tests. Half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The other top category was IT requests, including password verifications needed immediately.

KnowBe4 Q2 Phishing Test Infographic

By now most people know that if they receive a text message confirming an $1800 order they never placed, or telling them they’ve just won a new grill, they shouldn’t click on it. But what if it’s from their HR Department about an upcoming performance review? Or, what if the attachment is a draft of a Strategic Plan that mentions their name?

Business phishing emails are particularly effective because, left unanswered, they could potentially affect the user’s daily work, enticing employees to react quickly before thinking logically about the email’s legitimacy. The email source may be hidden by a spoofed domain, making it even easier to miss, and may even have the company name and logo (sometimes even the employee’s name) in the email body. Most include a phishing hyperlink in the email or a supposed PDF attachment.

“We already know that more than 80% of company data breaches globally come from human error,” said Stu Sjouwerman, KnowBe4’s CEO. “New-school security awareness training your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognize a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”
