TAFEP Hero Banner 2024 Nov Dec
HR-related email subject lines top the list of phishing tests globally

HR-related email subject lines top the list of phishing tests globally

閱讀中文版本

Cybercriminals are constantly refining their strategies to outsmart email recipients by creating phishing email subjects that are realistic and believable.

Would you tend to open or click on an email link if the subject line was "HR: Important: Dress Code Changes"?

Well, it's likely that you and a lot of others would, as HR-related email subject lines have topped a list of phishing tests globally. 

In KnowBe4's top-clicked phishing report, titled 2023 Phishing by Industry Benchmarking Report, the following are the most-clicked HR-related email subjects that have piqued interest from the recipients:

  • 11% - HR: Important: Dress Code Changes
  • 11% - HR: Please update W4 for file
  • 10% - HR: Vacation Leave Notice: Plan Your Time Off Now!
  • 9% - HR: Vacation Policy Update
  • 9% - HR: Your training is past due

That's a total of 50% of the top responses referring to HR-related topics.

As for the other suspicious subject lines, that were not related to HR, they included:

  • 15% - Possible typo
  • 10% - Adobe Sign: Your Performance Review
  • 9% - Google: You were mentioned in a document: "Strategic Plan Draft"
  • 8% - You Have A New Voicemail
  • 8% - Bad customer review received - Please take action ASAP

As shared in the report: "Cybercriminals are constantly refining their strategies to stay up-to-date with market trends and outsmart end users and organisations by creating phishing email subjects that are realistic and believable. They prey on emotions and aim to cause distress, confusion, panic or even excitement in order to entice someone to click on a phishing link or malicious attachment."

In fact, the findings revealed that nearly one in three users are likely to click on a suspicious link or comply with a fraudulent request.

It was noted that HR-related email subjects tend to be effective because they may cause a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday.

As such, holiday phishing email subjects have also also utilised this past quarter with four out of the five top holiday email subjects appearing to have come from HR, with "HR: Change in Holiday Schedule" being one of the most common ones.

Stu Sjouwerman, CEO, KnowBe4, commented: "The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible. The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR – a trusted and crucial department of so many, if not all organisations."


ALSO READ: How to set an acceptable use policy for newbies to prevent cyberattacks

Lead image / KnowBe4 

Follow us on Telegram and on Instagram @humanresourcesonline for all the latest HR and manpower news from around the region!

Free newsletter

Get the daily lowdown on Asia's top Human Resources stories.

We break down the big and messy topics of the day so you're updated on the most important developments in Asia's Human Resources development – for free.

subscribe now open in new window