Evolution of Phishing Tactics: A Constant Threat to Organizations
Phishing is one of the most commonly used methods for cyberattacks on organizations worldwide. Cybercriminals continuously refine their strategies and follow current trends to stay one step ahead of end users and organizations. By giving phishing emails realistic and credible subjects, they pique the interest of unsuspecting employees in order to influence them. They prey on emotions and try to create unrest, confusion, panic, or even excitement, enticing someone to click on a link or a harmful attachment. According to KnowBe4's 2023 Phishing by Industry Benchmarking report, nearly one in three users is likely to click on a suspicious link or respond to a fraudulent request.
Phishing tactics are constantly changing. Subjects that appear to come from HR and relate to dress codes, training, and vacations are on the rise. These subjects are effective because they affect an employee's personal life and workday, which can prompt someone to react before logically considering the legitimacy of the email.
Phishing Trends: Vacation, Holidays, and Disguised Emails as the Biggest Bait
The report also shows that phishing emails with vacation-related subjects are in use: subjects referring to national holidays such as Liberation Day, vacations, and schedule changes serve as bait. The report further reflects the trend of using notifications from IT departments and online services, as well as subjects related to taxes.
"The threat of phishing remains unrelentingly high. Cybercriminals constantly adapt their messages to appear more credible," says Stu Sjouwerman, CEO of KnowBe4. "The phishing trend emerging in the Q2 phishing report is particularly concerning because 50% of these emails appear to come from HR: a trusted department for many, if not all organizations. These disguised emails exploit employees' trust and prompt actions that can have disastrous consequences for organizations. Security awareness training is crucial to combat phishing and harmful emails, as it informs users about the most common cyberattacks and threats. Well-trained staff is the best defense of an organization and is essential for promoting and maintaining a strong security culture."
About KnowBe4
KnowBe4, the provider of the world's largest platform for security awareness training and simulated phishing, is used by over 60,000 organizations worldwide. KnowBe4 was founded by IT and data security specialist Stu Sjouwerman and helps organizations address the human element of security. It does this by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new approach to security awareness training. Kevin Mitnick, an internationally recognized cybersecurity specialist and Chief Hacking Officer of KnowBe4, helped develop the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.