
Cybercriminals have found a way to inveigle people into clicking on links and malicious attachments: pretend they’re from HR, according to KnowBe4’s Q2 2023 top-clicked phishing report.
These HR-related emails include alerts on dress code changes, training notifications, vacation updates and other such topics.
During this quarter, four out of five of the top holiday email subjects appeared to have come from HR. Incentives related to national holidays such as Juneteenth and the Fourth of July were used as bait for the unsuspecting.
“The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR — a trusted and crucial department of so many, if not all organizations,” says Stu Sjouwerman, CEO, KnowBe4.
Sjouwerman adds: “These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organization.”
Victims tend to react before thinking about whether the email is legitimate, the company says.
The solution: “New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats,” Sjouwerman says.