Phishing emails discussing human resources matters in the workplace have the greatest chance of employees clicking on malicious links, a new report has warned.
Editor’s note: This story first appeared on HR Leader’s sister brand, Cyber Daily.
Human resources subjects, including dress code changes, training, and holiday requests, are the most clicked phishing emails, cyber security professionals have warned.
Analysing the most common email subjects clicked on by professionals, researchers from security awareness provider KnowBe4 outline that HR content is most likely to convince employees to carry out the action of a malicious email without questioning its source.
Of the phishing emails clicked by employees, 12 per cent were related to dress code changes and tax information, 11 per cent were related to holiday leave, and 10 per cent warned of overdue training. In total, human resources totalled 42 per cent of the most-clicked phishing emails with business-related subject lines.
Surprisingly, 10 per cent of successful phishing emails pertained to additional cyber security training for employees.
Worryingly for businesses, employees are continuing to engage with malicious emails, with one in three users still likely to interact with phishing scams.
The research determined that threat actors are continuing to utilise QR codes to gain information from employees, with employees scanning the codes under the guise of multifactor authentication and password expiration.
KnowBe4 researchers have warned businesses that malicious actors are continuously adapting their strategies to focus on the most successful attack vectors.
“The continuous rise in HR-related phishing emails is especially troubling, as they target the very foundation of organisational trust,” Stu Sjouwerman, CEO at KnowBe4, said.
“Moreover, the increase of QR codes in phishing attempts adds another layer of complexity to these threats.
“In this environment, it’s crucial for organisations to prioritise comprehensive security awareness training. By educating employees about these and other emerging tactics and cultivating a strong security culture, organisations can mitigate the human risk that exists within.”