• by Ray Schultz , July 28, 2023

Cybercriminals have found a way to inveigle people into clicking on links and malicious attachments: pretend they’re from HR, according to KnowBe4’s Q2 2023 top-clicked phishing report.

These HR-related emails include alerts on dress code changes, training notifications, vacation updates and other such topics. 

During this quarter, four out of five of the top holiday email subjects appeared to have come from HR. Incentives related to national holidays such as Juneteenth and the Fourth of July were used as bait for the unsuspecting. 

"The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR — a trusted and crucial department of so many, if not all organizations,” says Stu Sjouwerman, CEO, KnowBe4. 

Sjouwerman adds: “These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organization.” 

Victims tend to react before thinking about whether the email is legitimate, the company says.

The solution: “New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats,” Sjouwerman says.