Cross post from our blog. Users are getting hip to Covid-19 phishing scams but more susceptible to other employee phishing scams. See the infographic for the top ten most social and general phishing email subjects.
KnowBe4’s latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, and ‘in the wild’ attacks .
Phishing email attacks leveraging COVID-19 were on every quarterly report in 2020, but those subjects aren’t as successful a year later. Emails purporting to come from HR and security-related notifications are now on the rise.
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks,” said Stu Sjouwerman, CEO, KnowBe4. “While users are becoming more savvy regarding COVID-19 phishing attacks, there is a steady increase of those falling for security-related email scams. The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check. Always check with your IT department through a known good phone number, email address or internal system before clicking on an email related to checking or changing a password because it only takes one wrong click to cause monumental damage.”
LinkedIn phishing messages have dominated the social media category for the last three years. Users may perceive these emails as legitimate since LinkedIn is a professional network, which could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category also include Facebook and Twitter notifications, message alerts and login alerts.