New research has revealed the top email subjects clicked on in phishing tests were those related or from Human Resources, according to the latest ‘most clicked phishing tests‘ conducted by KnowBe4. In fact, half of those that were clicked on had subject lines related to Human Resources, including vacation policy updates, dress code changes, and upcoming performance reviews. The second most clicked category were those send from IT, which include requests or actions of password verifications that were needed immediately.
“We already know that more than 80% of company data breaches globally come from human error,” said Stu Sjouwerman, KnowBe4’s CEO. “New-school security awareness training your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognize a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”
To add, KnowBe4 also stated the number one attack threat in the past quarter from their phishing tests and those seen in the wild are phishing links in the email body. As we are all aware, once this malicious links are clicked in the real world, they often lead to disastrous consequences like ransomware attacks or data breaches.
This research comes hot off the heels of the recent KnowBe4 industry benchmarking report which found one in three untrained employees will click on a phishing link. The worst performing industries were Energy & Utilities, Insurance and Consulting, with all labelled the most at risk for social engineering in the large enterprise category. Stu added: “With the steep cost of cyberattacks, this is deeply concerning. Given that most data breaches originate from social engineering, we cannot afford to omit the human element. Implementing security awareness training with simulated phishing testing will help to better protect organizations against cyber attacks and result in a more secure organizational culture.”