Hackers often use HR-related topics for their phishing emails.
That’s according to security awareness player KnowBe4. In its research, KnowBe4 indicates that half of all malicious emails contain HR-related topics. Think announcements about dress codes, training or vacations.
About 50 percent of all phishing emails were related to HR topics, the researchers state in their report. Other popular phishing topics were related to taxes.
Topics that affect people
According to KnowBe4, HR-related topics are very effective at making a phishing attack succeed. These topics can more easily persuade victims to react, such as clicking on a rogue link, before they consider the legitimacy of the email in question. This is especially tricky for victims given these topics affect employees’ private lives and work time.
The fact that hackers are using HR topics more often in their attacks is also a result of them increasingly refining their attacks and providing them with realistic and credible topics. According to KnowBe4, in this way they want to be one step ahead of end users and companies.
Paying attention to emotions that can cause agitation, confusion, panic or even excitement are popular to entice individuals to click on malicious links or attachments.
Knowbe4 also looked at the most popular attack vectors in its research. For the past second quarter of 2023, these were first and foremost malicious links, followed by spoof domains. Other popular vectors were PDF and HTML attachments and clickable manipulated logos.