Employees fall for scam emails 'sent' by HR or IT


Monday, 01 August, 2022

While most of us know not to click on links in text messages about orders we’ve never placed or those claiming we’ve won a prize, business phishing emails are more frequently catching the unwary.

Security awareness trainer KnowBe4 conducted testing to determine the susceptibility of employees, including discovery of the most clicked email subjects. Half of the emails clicked contained subject lines related to HR, including vacation policy updates, dress code changes and upcoming performance reviews. IT requests — including subject lines relating to password verifications — were also able to easily fool test respondents. Full details are available here.

The company says business phishing emails are particularly effective because they could potentially affect the user’s daily work, enticing employees to react quickly before thinking logically about the email’s legitimacy. The email source may be hidden by a spoofed domain, making it even easier to miss, and may even have the company name and logo (and sometimes even the employee’s name) in the email body. Most include a phishing hyperlink in the email or a supposed PDF attachment.

“We already know that more than 80% of company data breaches globally come from human error,” said Stu Sjouwerman, KnowBe4’s CEO.

“New-school security awareness training your staff is one of the least costly and most effective methods to thwart social engineering attacks. Training gives employees the ability to rapidly recognise a suspicious email, even if it appears to come from an internal source, causing them to pause before clicking. That moment where they stop and question the email is a critical and often overlooked element of security culture that could significantly reduce your risk surface.”
