
Employees are particularly vulnerable to phishing techniques that exploit familiarity, according to the Q3 Phishing Roundup from KnowBe4.

Of the simulated landing page interactions studied, 70% involved branded content. Microsoft accounted for 25%, followed by LinkedIn, X, Okta, and Amazon.

Personalization increased the click rate in simulated phishing emails. Internal topics made up 90% of most-clicked subject lines, with HR cited in 45% of the 10 most-clicked emails.
The most-clicked subject lines included:
- Google Doc: IT help desk — 13.2%
- MS Teams: strategic planning — 12.5%
- Possible typo — 10.2%
- HR: vacation — 9.7%
- MS teams: manager trying to reach you — 9.5%
- IT: internet report — 9.3%
- HR: dress code — 9.2%
- HR: reimbursements — 9.1%
- HR: performance review — 9%
- HR: training past due — 8.3%
Of the most-clicked links in simulated phishing emails, 82% came from internally themed simulations, while 66% used domain spoofing techniques.
"When a message seems routine, such as something from HR or IT, users are less likely to question it," says Erich Kron, CISO advisor at KnowBe4, in a statement. "The fact that this trend continues quarter after quarter tells us that this is not just about tricking users, it is about understanding human behavior."
These results were aggregated from the KnowBe4 HRM+ platform between July 1, 2025, and September 30, 2025.