Cybersecurity company KnowBe4 recently unveiled findings from its Q1 2025 Phishing Report, revealing a startling trend in phishing attacks. Spoiler alert: if you’re in HR, you might be in the crosshairs!
Key Points
- HR is the most commonly spoofed department in successful phishing campaigns.
- 60% of simulated phishing emails mentioned an internal team, 49.7% of which referenced HR.
- Phishing emails that referenced popular platforms like Microsoft, LinkedIn, and Google were particularly effective.
- Email subject lines featuring “Zoom Clips” from managers and HR training reports were the most frequently clicked.
- QR codes linked to new HR policies and Docusign were among the most scanned by employees.
- PPTs are the most opened attachment types, with PDFs at 53%, HTML files at 28.5%, and Word files at 18.5%.
Content Summary
According to KnowBe4’s analysis, phishing attacks are alarmingly effective when masquerading as HR communications. Between January and March 2025, the data showed a significant percentage of employees responded to simulated phishing emails, especially those citing internal team matters. Not only do attackers leverage domain spoofing, but they also create malicious landing pages that mimic reputable services like Microsoft and Google to deceive users into clicking links.
Moreover, individuals are becoming more susceptible to phishing schemes involving QR codes, with many employees scanning these codes out of trust for internal communications. The report highlights the need for organisations to foster a culture of cybersecurity awareness to mitigate these risks.
Why should I read this?
This article is crucial for anyone working in or with procurement and HR departments! Understanding these phishing tactics can help you fortify your company’s defences and protect sensitive information. You’ll save time and potentially a heap of trouble by learning from others’ experiences!