HR-related topics are the most commonly used among hackers to enable phishing attacks. The tactic is far from new, but it generates successful attacks time and again.
Those are the findings from research done by KnowBe4. E-mail phishing is still very popular among hackers and generates a lot of success for cybercriminals. Just over half of phishing emails, which are intended to prompt users to open a malicious link or attachment, had an HR topic in the third quarter of this year. Think topics such as dress code changes, training arrangements and updates on vacations.
Confidence in internal communication
KnowBe4 researchers additionally indicate that HR-related phishing activities have been on the rise for the past two quarters. Hackers see the subjects as favorites because the logic behind them is sound. HR e-mails affects employees directly in their daily work and personal lives. Therefore, they tend to open these types of rogue emails immediately.
In this way, hackers seek to further exploit employees’ trust in their companies’ internal communications, ensuring that recipients interact with the malicious content that this type of email spreads.
Furthermore, the study notes that hackers are increasingly adapting their phishing email to the season or soon-to-be festivities, such as Halloween or Christmas.
Also read: What does effective security awareness training look like?