
KnowBe4 Releases Q1 2025 Phishing Report, With Internal Communications Dominating


KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q1 2025 Phishing Report. This quarter’s findings reveal the most deceptive email subjects users click in phishing simulations, indicating HR and IT-related emails account for over 60% of top-clicked phishing emails. All data for this report was taken from the KnowBe4 HRM+ platform between January 1, 2025, and March 31, 2025.


KnowBe4’s Q1 2025 Phishing Report reveals that simulations impersonating internal communications, such as messages from HR or IT, received the most failures. An overwhelming 60.7% of the clicked simulations mentioned an internal team, and 49.7% mentioned HR specifically. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks. Cybercriminals craft deceptively authentic phishing emails that align with current trends and exploit human emotions to create urgency and trick recipients into clicking malicious links or opening harmful attachments. Top reported subjects included “Zoom Clips” from managers, HR training reports, and mail server warnings.

The report highlights the ongoing threat posed by email-embedded phishing links, which continue to be a primary attack tactic. Analysis shows people were more likely to click on links related to internal topics or impersonating known brands (61.6%), with 68.6% involving domain spoofing. Organizations are highly susceptible to branded landing pages from Microsoft, LinkedIn and Google, which ranked as the top three most effective phishing destinations for harvesting credentials.

The report also reveals people’s continued susceptibility to phishing emails leveraging QR codes. The top three QR codes people scanned in simulations related to: a new drug and alcohol policy from HR (14.7%), a DocuSign for review and signing (13.7%) and a Workday happy birthday message (12.7%). In attachment-based campaigns, people were most likely to open PDFs (53%), HTML files (28.5%) and Word files (18.5%).


“It is evident that attackers understand that employees are conditioned to respond quickly to messages that appear to come from HR or IT, and trust branded content from platforms they use daily like Microsoft, LinkedIn and Google,” said Stu Sjouwerman, CEO of KnowBe4. “The psychological sophistication behind these attacks demonstrates why human risk management must be central to cybersecurity strategy. Organizations must respond by cultivating a security culture that encourages healthy skepticism and verification habits, where employees feel empowered to verify suspicious communications, even when they appear to come from leadership or critical internal departments.”
