The results of the Q1 2023 top-clicked phishing report have been released by KnowBe4 and include the top email subjects clicked on in phishing tests from organisations. It showcases the shift in phishing topics to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.
Phishing emails continue to be one of the most common methods to effectively perpetuate malicious attacks on organisations around the globe. Cybercriminals are always refining their strategies to stay one step ahead of end users and organisations by changing phishing email subjects to be more believable.
They prey on emotions and aim to cause distress or confusion in order to entice someone to click. Phishing tactics are changing with the increasing trend of cybercriminals using email subjects related to IT and online services such as password change requirements, Zoom meeting invitations, security alerts and more. These are effective because they would impact an end users’ daily workday and subsequent tasks to be completed.
Holiday phishing email subjects were also utilised this quarter with incentives such as a change in schedule, gift card and spa package giveaway used as bait for unsuspecting end users. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1.
“Cybercriminals are constantly increasing the damage they cause to organisations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” said Stu Sjouwerman, CEO, KnowBe4. “Emails that are disguised as coming from an internal source such as the IT department are especially dangerous because they appear to come from a more trusted, familiar place where an employee would not necessarily question it or be as skeptical.
“Building up an organisation’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”