Phishing Test Results Reveal IT and Online Services Emails Drive Dangerous Attack Trend

Results of KnowBe4’s Phishing Tests Show That Emails from IT and Digital Services Drive a Dangerous Attack Trend

KnowBe4's Q1 2023 global phishing report found that more email subjects related to IT and online services were being used as phishing tactics.


KnowBe4, the maker of the largest security awareness training and simulated phishing platform in the world, has released the findings of its Q1 2023 top-clicked phishing report. The findings include the most popular email topics clicked in phishing tests and show a shift to IT and online service notifications, such as laptop refresh or account suspension notifications, which can have an impact on end users’ daily tasks.

Phishing emails remain one of the most common ways to carry out malicious attacks on businesses all over the world. Cybercriminals constantly refine their techniques to stay one step ahead of end users and organisations, altering the subject lines of phishing emails to make them seem more legitimate. To get someone to click, they prey on emotions and try to upset or confuse the recipient. Phishing techniques are evolving as online criminals increasingly send emails with subjects related to IT and online services, such as requests for password changes, invitations to Zoom meetings, security alerts, and more. These are effective because they would affect an end user’s regular workday and ensuing tasks.

This quarter, holiday-themed phishing email subjects were also used, luring unsuspecting end users with promises of schedule changes, gift cards, and spa packages. As the United States prepared for tax season in Q1, email subjects pertaining to taxes increased in popularity.

“Cybercriminals are continuously escalating the harm they do to organisations by tricking unwary workers into clicking on harmful links or downloading phoney attachments that seem realistic,” said Stu Sjouwerman, CEO of KnowBe4. “Emails that appear to come from an internal source, such as the IT department, are particularly risky because they give the impression of coming from a more reliable, well-known source, making it less likely that a worker will question or be suspicious of them. To defeat malicious actors, an organization’s human firewall must be strengthened by fostering a strong security culture.”