KnowBe4 report finds rise in HR & IT email phishing
KnowBe4's Q3 2024 Phishing Report highlights the prevalence of HR and IT-related emails in phishing attempts, with a notable rise in QR code phishing.
According to the report, HR and IT-related phishing emails account for 48.6% of top-clicked phishing types globally. Despite the evolving techniques employed by cybercriminals, phishing emails remain a common method for executing cyberattacks. The 2024 Phishing by Industry Benchmarking Report states that approximately one in three users might engage with malicious links or fraudulent requests, a reminder that these threats work by exploiting human emotions and a sense of urgency.
The report identifies email-embedded phishing links as the primary attack vector. When users interact with these malicious links, or with PDF attachments and spoofed domains, the result can be substantial harm, such as ransomware attacks and business email compromise. There has also been a marked increase in phishing campaigns that use QR codes. Frequently encountered QR code phishing subjects include HR reminders about policy reviews, DocuSign emails requiring urgent document signing, and Zoom meeting invitations. Such messages may falsely appear to come from HR, colleagues, or external vendors, which makes them a significant risk.
Stu Sjouwerman, CEO of KnowBe4, commented on these findings, "Our latest phishing report underscores the evolving sophistication of phishing tactics, with cybercriminals increasingly exploiting the trust employees place in internal communications. The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial—they are essential. By prioritising human risk management, organisations can effectively build a formidable defence against avoidable cyberthreats."