The report also found that people are likely to follow malicious links related to internal topics or well-known brands (61.6 percent), and that 68.6 percent of links involved domain spoofing. Malicious landing pages pretending to be Microsoft, LinkedIn and Google were found to be the most effective at luring people in. Among actual phishing attacks reported to KnowBe4, email subject lines about Zoom Clips from managers were the most popular, followed by HR training reports and mail server warnings.
People are also falling prey to phishing emails that contain QR codes. In simulations, the most commonly scanned QR codes were about a new drug and alcohol policy from HR (14.7 percent), Docusign (13.7 percent) and a Workday happy birthday message (12.7 percent). PDFs were the most commonly opened attachment type at 53 percent, followed by HTML files at 28.5 percent and Word files at 18.5 percent.
“It is evident that attackers understand that employees are conditioned to respond quickly to messages that appear to come from HR or IT, and trust branded content from platforms they use daily like Microsoft, LinkedIn and Google,” said KnowBe4 CEO Stu Sjouwerman. “The psychological sophistication behind these attacks demonstrates why human risk management must be central to cybersecurity strategy. Organizations must respond by cultivating a security culture that encourages healthy skepticism and verification habits, where employees feel empowered to verify suspicious communications, even when they appear to come from leadership or critical internal departments.”