KnowBe4’s recent quarterly phishing test report has found that spoofing HR departments in email is becoming an increasingly common tactic among cyber attackers. The report found that 42% of the business-related email subject lines studied were related to HR, making it a critical area of concern for businesses. Phishing emails with QR codes have also been a successful tactic, adding another layer of complexity to these threats.
Threat actors often use HR-related email subject lines to evoke an emotional response from employees, such as “Comment was left on your Time Off Request” or “Possible Typo.” These emails may appear to be from a trusted source, but contain malicious links or attachments. The continuous rise in HR-related phishing emails is especially troubling, as they target the very foundation of organizational trust.
To protect your business from phishing attacks, it’s essential to educate employees on how to identify and report suspicious emails. Organizations should make it clear to employees that phishing emails may not be as filled with typos or blatant pleas for money as they used to be. Anti-spam or anti-virus filters can catch some social engineering and phishing attacks, while multifactor authentication can limit attackers’ reach even if the victim clicks a link or scans a QR code.
By taking these steps, you can help protect your business from the growing threat of phishing emails that impersonate HR departments.