QR Codes in Malicious Emails Gaining Traction
07.08.2024 - 15:05:41KnowBe4 Releases Q2 Quarterly Phishing Test Results
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q2 2024 top-clicked phishing report. The results include the top email subjects clicked on in phishing tests showing HR business-related messages are still provoking the most action from employees leading to potentially harmful results.
Phishing emails remain a prevalent and effective tool for cybercriminals to launch malicious attacks on organizations worldwide. These bad actors continuously evolve their tactics, adapting to current market trends and outsmarting both end users and organizations by crafting phishing email subjects that appear authentic and credible. Their strategies often exploit human emotions, aiming to elicit feelings of urgency, confusion, anxiety, or even excitement, all in an attempt to lure recipients into clicking on malicious links or opening harmful attachments. The severity of this threat is underscored by KnowBe4's 2024 Phishing by Industry Benchmarking Report, which reveals that approximately one out of every three users is prone to interacting with suspicious links or complying with fraudulent requests.
HR related email subjects have become increasingly popular as a phishing tactic with cybercriminals over the last year, particularly those relating to dress code changes, training notifications, vacation updates and more. These are effective because they may provoke a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday.
included in phishing emails are a growing concern with cybercriminals attempting to use these to extract sensitive information or steal money from unsuspecting employees and organizations. Prominent email subjects prompting employees to scan QR codes included MFA migrations, reminders from HR, and password expiration notifications. Additionally, the data reflects the consistent trend of utilizing IT and online service notifications as well as tax-related email subjects."Phishing tactics are ever evolving and continue to pose a significant threat to organizations worldwide,” said Stu Sjouwerman, CEO at KnowBe4. “We're seeing cybercriminals adapt their strategies at an alarming speed. The continuous rise in HR related phishing emails is especially troubling, as they target the very foundation of organizational trust. Moreover, the increase of QR codes in phishing attempts adds another layer of complexity to these threats. In this environment, it's crucial for organizations to prioritize comprehensive security awareness training. By educating employees about these and other emerging tactics, and cultivating a strong security culture, organizations can mitigate the human risk that exists within.”
To download a copy of the Q2 2024 KnowBe4 Phishing Report infographic, visit here.
About KnowBe4
KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, is used by more than 65,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. The late Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Organizations rely on KnowBe4 to mobilize their end users as their last line of defense and trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
View source version on businesswire.com: https://www.businesswire.com/news/home/20240807446875/en/