Findings highlight need for users to be educated on how to avoid phishing and other social engineering attacks
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, reviewed the results of tens of thousands of simulated phishing tests over the course of Q2 2019 and found that more than 50 percent of those related to social media had “LinkedIn” in the title. With this information, organizations need to train their users how to recognize and manage phishing emails that come into the corporate network.
KnowBe4’s analysis shows that of social media phishing tests those with “LinkedIn” in the subject line totaled more than 56 percent, more than all other social media phishing tests combined. This isn’t surprising as social media phishing attacks are growing at a remarkable rate of 75 percent in 2019. When combined with Shadow IT concerns that prevent IT and security departments from managing and monitoring services and apps users bring into the corporate environment – such as social networks on their mobile phones – it becomes more important than ever that users are educated about how to avoid a phishing or social engineering attack.
“It feels good to ‘join my network’ or connect with someone in some way – that’s why social media phishing attacks are so successful,” said Stu Sjouwerman, CEO of KnowBe4. “Users innately trust their ‘verified’ contacts so are more apt to click on a link that come from someone they know. It’s becoming harder to identify phishing attacks, but our users are smarter than the bad guys think and can absolutely be trained to identify and avoid phishing and social engineering attacks."
The top clicked social media phishing tests that KnowBe4 identified are:
- LinkedIn: 56%
- Login alert for Chrome on Motorola Moto X: 9%
- 55th Anniversay and Pizza Party: 8%
- Your Friend Tagged a Photo of You: 8%
- Facebook Password Reset Verification: 8%
- Your password was successfully reset: 6%
- New Voice Message At 1:23 AM: 5%
*Capitalization and spelling are as they were in the phishing test subject line.
In addition to examining phishing subject lines related to social media, KnowBe4 found that phishing tests that focused on password management were successful, with 35 percent of users clicking. Additionally, in-the-wild attacks – those that were actual phishing emails and not KnowBe4 testing emails – found greatest success when they asked for action from the recipient, such as being invited to share an Outlook calendar or being assigned a task in a Microsoft platform.
KnowBe4 understands that users are an organization’s last line of defense and are most successful when they are consistently trained and tested on the latest phishing threats. To further support their mission to help organizations improve their security, KnowBe4 introduced its Social Media Phishing Test in Summer 2019. The free test was created to help IT and security professionals at organizations of all sizes better identify users who are likely to fall for a phishing email that looks like it originated from a credible social media site such as Facebook, LinkedIn or Twitter.
About KnowBe4
KnowBe4, the provider of the world’s largest integrated security awareness training and simulated phishing platform, is used by more than 26,000 organizations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognized computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Tens of thousands of organizations worldwide trust KnowBe4 to mobilize their employees as their last line of defense.
Number 96 on the 2018 Inc. 500 list, #34 on 2018 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England, the Netherlands, Germany and offices in Brazil, South Africa and Singapore.