A recent report by KnowBe4, a security awareness training provider in Tampa, Florida, indicates that cybercriminals are still finding success with phishing attacks delivered through HR-related messages. The report reveals that approximately 60 per cent of unsuccessful phishing attempts in work environments were masquerading as communications from HR. These deceptive emails featured subject lines pertaining to matters like employee dress codes, vacation policies, performance evaluations, and tax forms.
The study also highlights that nearly one-third of users were susceptible to clicking on dubious links or complying with fraudulent requests. Stu Sjouwerman, CEO of KnowBe4, noted that phishing emails remain a prevalent method for launching malicious attacks on global organizations. Linn Freedman, a partner at the law firm Robinson and Cole, emphasized the effectiveness of such attacks, which prey on people’s concerns about their job performance and changes in their work environment.
Phishing attacks centered on HR topics have been expanding in scope, using subjects like holidays and incentives to capture unsuspecting victims. Remote work has introduced a new level of distraction, which makes employees more susceptible to phishing scams. To mitigate these risks, it is recommended to implement robust spam filters, enforce multi-factor authentication, educate employees about various phishing schemes, use banners to flag external emails, conduct phishing tests and provide further education, establish clear reporting procedures, and encourage vigilant behavior among employees. Implementing advanced IT tools to identify suspicious emails and incentivizing employee vigilance are also crucial measures to enhance security awareness.