KnowBe4 releases Q3 2022 global phishing report and finds that more business-related email subjects are utilized as a phishing strategy
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q3 2022 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests and reflect the shift from personal to business-related email subjects including internal requests and updates from Human Resources, IT and managers.
Phishing emails regularly plague organizations around the globe. New research from cloud and email security specialist Avanan reveals that nearly 19% of phishing emails were bypassed by the anti-malware app, Microsoft Defender. This is a key indicator as to why technology and email filters cannot be relied on as a sole method of protection against malicious emails.
Business phishing emails have always been effective and continue to be successful because of their potential to affect a user’s workday and routine. This quarter’s phishing test results reveal that 40% of email subjects are HR related, creating a sense of urgency in users to act quickly, sometimes before thinking logically and taking the time to question the email’s legitimacy. This year’s phishing test also revealed the top vector for this quarter to be phishing links in the body of an email. These combined tactics can have destructive outcomes for organizations and lead to a multitude of cyberattacks such as ransomware and business email compromise.
Along with reflecting a shift towards the use of more business-related emails, this quarter’s phishing test reveals a shift away from the use of personal-related emails such as those from social media. In fact, Q3’s phishing report is the first of this year that does not attribute social networking or social media sites as a top email subject category.
“As phishing emails evolve and become more sophisticated, it is imperative that organizations prioritize security awareness training for all employees, now more than ever,” said Stu Sjouwerman, CEO, KnowBe4. “Phishing emails that disguise themselves as internal communications are especially concerning since they are sure to grab the attention of users and typically incite action. New-school security awareness training for employees helps combat phishing and malicious emails by educating users on what to look out for— it is the key to creating a healthy level of skepticism to better protect an organization and build a stronger security culture.”
To download a copy of the KnowBe4 Phishing Infographic, visit KnowBe4.
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 52,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.