Half of phishing emails spoof HR: report

Half of all phishing emails use headlines that are related to human resources, according to new research from KnowBe4.

The company’s latest global phishing report for the second quarter found that HR-related email subjects dominate malicious emails. Subjects commonly relate to areas including dress code changes, training notifications and holiday updates.

According to the report, these emails can be effective because they may cause a person to react before thinking critically about the legitimacy of the email.

In a related finding, the report noted that holiday-related phishing email subjects were more common during the quarter, with four in five of these appearing to have come from an organisation’s HR department.

KnowBe4 CEO Stu Sjouwerman said the report found that the threat of phishing emails remains as high as ever.

“The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR — a trusted and crucial department of so many, if not all organisations,” he said.

“These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organisation.”

To mitigate the threat, it is critical that organisations ensure employees take part in new-school security awareness training designed to educate users on the most common cyber attacks and threats, Sjouwerman said.

“An educated workforce is an organisation’s best defence and is essential to fostering and maintaining a strong security culture,” he said.

Image credit: iStock.com/MicroStockHub