Phishing emails that appear to be internal and come from the IT or HR department are the emails that trick the most users, according to KnowBe4’s Q1 2025 Phishing Report.
Over 60% of emails that tricked users into clicking mentioned an internal team and almost 50% specifically mentioned HR. The subject lines that got the most clicks were “zoom clips” from managers, reports on HR training, and email server warnings.
Fake login pages that appear to come from Microsoft, LinkedIn, and Google are also things that fool many people.
The report also shows that many users are tricked into scanning QR codes in phishing emails — one of several methods by which cybercriminals are making phishing more potent. The most common QR codes scanned were to access a new alcohol and drug policy from HR (14.7%), a DocuSign request for review and signature (13.7%), and a birthday greeting from a (fake) colleague (12.7%).
The original article found on The most effective phishing QR code is a new drug and alcohol policy supposedly from HR | CSO Online Read More
