Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    KnowBe4 Press Releases

    • Press Releases
      • /
    • KnowBe4 Research Reveals Personalized Phishing Emails Using the Company Name Dominate

    KnowBe4 Research Reveals Personalized Phishing Emails Using the Company Name Dominate

    TAMPA BAY, FL | Oct 30, 2025

    The Q3 2025 Phishing Simulation Roundup reveals people interacted most with emails that impersonated colleagues or referenced internal systems or topics

    KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human and AI agent risk management, today released its Q3 2025 Phishing Roundup. The research reveals that simulated phishing emails personalized to appear from internal departments, particularly HR and IT, continue to drive the highest user interaction rates, highlighting a persistent trend of employee vulnerability to techniques exploiting familiarity. All of the data for this roundup was aggregated from the KnowBe4 HRM+ platform between July 1, 2025, and September 30, 2025. final Q3-2025_Phishing-Report-Infographic_EN

    Key Findings from the Q3 Roundup:

    Internal Topics Dominate

    • Personalization increased click rate in simulated phishing emails - the two most-clicked subject lines contained the recipients’ company name.
    • Internal topics made up 90% of most-clicked subject lines and HR was cited in 45% of the top 10 most-clicked emails.

    Branded Landing Pages

    • 70% of simulated landing page interactions involved branded content.
    • Microsoft was the most common brand, accounting for 25%, followed by LinkedIn, X, Okta, and Amazon.

    Top Clicked Hyperlinks

    • 82% of the top 20 clicked links in simulated phishing emails came from internally themed simulations.
    • 66% used domain spoofing techniques.

    Attachment Interactions

    • PDFs comprised 56% of the top 20 attachments opened in simulated phishing emails, followed by Word documents (25%) and HTML files (19%).

    “When a message seems routine, such as something from HR or IT, users are less likely to question it,” said Erich Kron, CISO advisor at KnowBe4. “The fact that this trend continues quarter after quarter tells us that this is not just about tricking users, it is about understanding human behavior. That is exactly why KnowBe4's human and agentic AI risk management platform addresses both training and behavior change to build lasting security resilience.”

    Download a copy of the Q3 2025 KnowBe4 Simulated Phishing Roundup here

    About KnowBe4

    KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.

    More info at www.knowbe4.com. Follow KnowBe4 on LinkedIn and X.