Cybersecurity platform KnowBe4 has released its Q3 2024 Phishing Report findings revealing that HR and IT-related phishing emails claim a significant 48.6% share of top-clicked phishing types globally.
According to KnowBe4 despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks, and its 2024 Phishing by Industry Benchmarking Report reveals that about one in three users is susceptible to interacting with malicious links or fraudulent requests.
“Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into clicking malicious links or opening harmful attachments,” warns KnowBe4.
KnowBe4 explains that the report spotlights the ongoing threat posed by email-embedded phishing links, which continue to be the top attack vector of choice - and these “malicious links, PDF attachments and spoofed domains, when interacted with, often result in disastrous cyberattacks, including ransomware attacks and business email compromise”.
{loadposition peter}
“The report also reveals a surge in phishing campaigns leveraging QR codes. Popular QR code phishing subjects include HR reminders for policy reviews, DocuSign emails to sign an urgent document, and Zoom meeting invitations. These messages, often masquerading as communication from HR, colleagues or external vendors, pose substantial risks as they can easily be replicated by malicious actors,” notes KnowBe4.
"Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications," said Stu Sjouwerman, CEO of KnowBe4.
"The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritising human risk management, organisations can effectively build a formidable defence against avoidable cyberthreats."
To download a copy of the Q3 2024 KnowBe4PhishingReport infographic, visit here.