Social engineering attacks have been cited as one of the most common methods employed by cyber-criminals trying to infiltrate corporate walls and carry out illicit activities.


The warning comes off the back of the results of a Q3 report on phishing published by security awareness training platform, KnowBe4.

The Florida-based cyber-protections firm is now underlining how IT chiefs and business leaders need to educate themselves on the real and evolving threat posed by an increasingly sophisticated net-based criminal element that is taking advantage of the confusion caused by the pandemic.

KnowBe4 CEO, Stu Sjouwerman, said:

“Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage.

“We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns.

“By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click,” Sjouwerman added.

Top 10 Email Categories Globally

  1. Business
  2. Online Services
  3. Human Resources
  4. IT
  5. Banking and Finance
  6. Coronavirus/COVID-19 Phishing
  7. Mail Notifications
  8. Phishing for Sensitive Information
  9. Social Networking
  10. Brand Knockoffs

Top phishing email subjects were also broken out, comparing those in the US to those in Europe, the Middle East and Africa (EMEA). In Q3 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests.

In the US, most of the email subjects appear to originate from the users’ own organisation. In EMEA, however, the top subjects relate to users’ everyday tasks. KnowBe4 also reviewed ‘in-the-wild’ email subject lines, which show actual emails that users received and reported to their IT departments as suspicious.

Top Phishing Email Subjects

US

  1. Vacation Policy Update
  2. Password Check Required Immediately
  3. Important: Dress Code Changes
  4. Acknowledge Your Appraisal
  5. Remote Working Satisfaction Survey

EMEA

  1. Your Document is Complete - Save Copy
  2. Stefani has endorsed you!
  3. You have requested a reset to your LinkedIn password
  4. Windows 10 Upgrade Error
  5. Internet Capacity Warning