Stu Sjouwerman, CEO of KnowBe4.

Phishing emails continue to be a popular and successful tactic for cyber criminals to launch detrimental attacks on organisations around the world.

These bad actors are always evolving their strategies, responding to current market trends and outwitting both end users and organisations by creating phishing email subject lines that appear genuine and convincing, according to security experts.

A new report warns businesses about phishing attacks and social engineering scams, claiming that criminals frequently "exploit human emotions, aiming to elicit feelings of urgency, confusion, anxiety, or even excitement, all in an attempt to lure recipients into clicking on malicious links or opening harmful attachments."

The magnitude of this threat is highlighted by KnowBe4's 2024 Phishing by Industry Benchmarking Report, which notes that one in every three users is prone to interacting with suspicious links or complying with fraudulent requests.

According to KnowBe4, human resources (HR)-related email subjects have been increasingly popular as a phishing method among cyber criminals in the previous year, notably those referring to dress code changes, training announcements, vacation updates, and more.

“These are effective because they may provoke a person to react before thinking logically about the legitimacy of the email and have the potential to impact an employee's personal life and professional workday,” says the company.

Also, KnowBe4, a security awareness training and simulated phishing platform provider, cautions that QR codes in phishing emails are a growing threat, with cyber criminals attempting to use them to extract personal information or steal money from unsuspecting employees and organisations.

It says: “Prominent email subjects prompting employees to scan QR codes included MFA migrations, reminders from HR, and password expiration notifications.

Furthermore, KnowBe4 states that the data reveals a steady trend of using IT and online service notifications, as well as tax-related email subjects.

"Phishing tactics are ever evolving and continue to pose a significant threat to organisations worldwide,” says Stu Sjouwerman, CEO at KnowBe4. “We're seeing cyber criminals adapt their strategies at an alarming speed.”

He continues: “The continuous rise in HR related phishing emails is especially troubling, as they target the very foundation of organisational trust. Moreover, the increase of QR codes in phishing attempts adds another layer of complexity to these threats.

“In this environment, it's crucial for organisations to prioritize comprehensive security awareness training. By educating employees about these and other emerging tactics, and cultivating a strong security culture, organisations can mitigate the human risk that exists within.”