2 hours Ago
Report reveals the most deceptive email subjects end users click, with internal communications driving 60% of phishing failures TAMPA BAY, Fla. , April 28, 2025 /PRNewswire/ -- KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q1 2025 Phishing Report . This quarter's findings reveal the most deceptive email subjects users click in phishing simulations, indicating HR and IT-related emails account for over 60% of top-clicked phishing emails.
All data for this report was taken from the KnowBe4 HRM+ platform between January 1, 2025 , and March 31, 2025 . KnowBe4's Q1 2025 Phishing Report reveals that impersonating internal communications, such as from HR or IT, received the most failures. An overwhelming 60.
7% of the simulations clicked mentioned an internal team and 49.7% mentioned HR specifically. Despite evolving techniques by bad actors, phishing emails remain among the most prevalent tools for executing cyberattacks.
Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into clicking malicious links or opening harmful attachments. Top reported subjects included "Zoom Clips" from managers, HR training reports, and mail server warnings. The report highlights the ongoing threat posed by email-embedded phishing links, which continue to be a primary attack tactic.
Analysis shows people were more likely to click on links related to internal topics or impersonating known brands (61.6%), with 68.6% involving domain spoofing.
Organizations are highly susceptible to branded landing pages from Microsoft, LinkedIn and Google, which ranked as the top three most effective phishing destinations for harvesting credentials. The report also reveals people's continued susceptibility to phishing emails leveraging QR codes. The top three QR codes people scanned in simulations related to: a new drug and alcohol policy from HR (14.
7%), a DocuSign for review and signing (13.7%) and a Workday happy birthday message (12.7%).
In attachment-based campaigns, people were most likely to open PDFs (53%), HTML files (28.5%) and Word files (18.5%).
"It is evident that attackers understand that employees are conditioned to respond quickly to messages that appear to come from HR or IT, and trust branded content from platforms they use daily like Microsoft, LinkedIn and Google," said Stu Sjouwerman , CEO of KnowBe4. "The psychological sophistication behind these attacks demonstrates why human risk management must be central to cybersecurity strategy. Organizations must respond by cultivating a security culture that encourages healthy skepticism and verification habits, where employees feel empowered to verify suspicious communications, even when they appear to come from leadership or critical internal departments.
" To download a copy of the Q1 2025 KnowBe4 Phishing Report infographic, visit here . About KnowBe4 KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organizations worldwide, KnowBe4 helps to strengthen security culture and manage human risk.
KnowBe4 offers a comprehensive AI-driven 'best-of-suite' platform for Human Risk Management, creating an adaptive defense layer that fortifies user behavior against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As the only global security platform of its kind, KnowBe4 utilizes personalized and relevant cybersecurity protection content, tools and techniques to mobilize workforces to transform from the largest attack surface to an organization's biggest asset.
Media Contact: Kathy Wattman SVP of Public Relations [email protected] 727-474-9950 SOURCE KnowBe4 Inc..
