KnowBe4 today announced the results of its Q3 2022 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the shift from personal to business-related email subjects including internal requests and updates from Human Resources, IT and managers.
Phishing emails regularly plague organisations around the globe. New research from Avanan reveals that nearly 19% of phishing emails were bypassed by the anti-malware app, Microsoft Defender. This is a key indicator as to why technology and email filters cannot be relied on as the sole method of protection against malicious emails.
Business phishing emails have always been effective and continue to be successful because of their potential to affect a user’s workday and routine. This quarter’s phishing test results reveal that 40% of email subjects are HR related, creating a sense of urgency in users to act quickly, sometimes before thinking logically and taking the time to question the email’s legitimacy. This year’s phishing test also revealed the top vector for this quarter to be phishing links in the body of an email. These combined tactics can have destructive outcomes for organisations and lead to a multitude of cyberattacks such as ransomware and business email compromise.
Along with reflecting a shift towards the use of more business-related emails, this quarter’s phishing test reveals a shift away from the use of personal-related emails such as those from social media. In fact, Q3’s phishing report is the first of this year that does not attribute social networking or social media sites as a top email subject category.
“As phishing emails evolve and become more sophisticated, it is imperative that organisations prioritise security awareness training for all employees, now more than ever,” said Stu Sjouwerman, CEO, KnowBe4. “Phishing emails that disguise themselves as internal communications are especially concerning since they are sure to grab the attention of users and typically incite action. New-school security awareness training for employees helps combat phishing and malicious emails by educating users on what to look out for— it is the key to creating a healthy level of skepticism to better protect an organisation and build a stronger security culture.”