Skip to main content

Workers are still falling for obvious phishing attacks

(Image credit: Shutterstock)

Regardless of how obvious a phishing attempt may be, some employees will still happily click away, putting themselves and their organization at risk of data theft.

This is according to a new report from cybersecurity firm KnowBe4, which claims phishing email attacks related to HR topics (for example, an email discussing new policies affecting everyone in a company) are still highly successful.

Phishing emails that invite victims to change their “compromised” passwords are also quite popular.

On the other hand, the number of phishing attempts that play on a Covid-19-related themes has dropped significantly, as employees became increasingly alert to the threat.

“With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks,” said Stu Sjouwerman, CEO, KnowBe4.

“These days, it is especially important for all end users to take a moment to double-check a link or attachment and to question whether the email is expected or unexpected. Employees are truly an organization’s last line of defense. They can be the difference between a successful attack and an unsuccessful one with proper security awareness training and testing.”

Analyzing in-the-wild phishing email subject lines, KnowBe4 found these to be most prevalent:

  • Zoom: Important issue
  • IT: Information Security Policy Review
  • Mastercard: Confirmation: Your One-Time Password
  • Facebook: Your account has been temporarily locked
  • Google: Take action to secure your compromised passwords
  • Microsoft: Help us protect you - Turn on 2-step verification to protect your account
  • Docusign: Lucile Green requests you to sign Mandatory Security Training documents
  • Internship Program
  • IT: Remote working missing updates
  • HR: Electronic Implementation of new HRIS

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.