SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
More users falling for security and HR-related phishing attacks
Wed, 14th Jul 2021
FYI, this story is more than a year old

More users are falling for security and HR-related phishing attacks, according to new research from KnowBe4.

The KnowBe4 Q2 2021top-clicked phishing report found there has been a significant rise in phishing email attacks related to HR topics, particularly regarding new policies that would affect all employees throughout organisations.

Real phishing emails that were reported to IT departments related to security-minded users about password checks continue to remain popular.

One subject area that has dropped off dramatically includes messages related to COVID-19. End users have become more savvy about scams related to that topic, according to the report.

Social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 41%.

“With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks” says Stu Sjouwerman, CEO, KnowBe4.

“These days, it is especially important for all end users to take a moment to double check a link or attachment and to question whether the email is expected or unexpected," he says.

"Employees are truly an organisation's last line of defence. They can be the difference between a successful attack and an unsuccessful one with proper security awareness training and testing.”

In Q2 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed ‘in-the-wild' email subject lines that show actual emails users received and reported to their IT departments as suspicious.

According to the research, the top 10 general email subjects were:

-Password Check Required Immediately
-Vacation Policy Update
-Important: Dress Code Changes
-ACH Payment Receipt
-Test of the [[company_name]] Emergency Notification System
-Scheduled Server Maintenance -- No Internet Access
-COVID-19 Remote Work Policy Update
-Scanned image from MX2310U@[[domain]]
-Security Alert
-Failed Delivery

And when investigating ‘in-the-wild' email subject lines, KnowBe4 found the most common throughout Q1 2021 included:

-Zoom: Important issue
-IT: Information Security Policy Review
-Mastercard: Confirmation: Your One-Time Password
-Facebook: Your account has been temporarily locked
-Google: Take action to secure your compromised passwords
-Microsoft: Help us protect you - Turn on 2-step verification to protect your account
-Docusign: Lucile Green requests you to sign Mandatory Security Training documents
-Internship Program
-IT: Remote working missing updates
-HR: Electronic Implementation of new HRIS