KnowBe4's Q3 2025 Report Highlights Internal Phishing Trends Among Employees

KnowBe4's Q3 2025 Phishing Roundup



In an era where cyber threats are becoming more sophisticated, KnowBe4, a leading cybersecurity platform, has released its Q3 2025 Phishing Roundup, revealing troubling insights into how references to internal matters are exploited in phishing attacks. The study finds that personalized emails simulating communication from colleagues, particularly from HR and IT departments, have significantly increased click-through rates among employees.

Key Insights from the Report



The research, aggregating data from the KnowBe4 HRM+ platform between July 1 and September 30, 2025, indicates a striking trend: 90% of the most-clicked subject lines referenced internal topics, with HR mentioned in nearly half of those top subject lines. This suggests that attackers are increasingly leveraging familiarity and trust to compromise users, which should raise alarms about how workplace cybersecurity training is designed.

Personalization is Key



One notable finding is that the personalization of phishing emails correlates directly with user interaction. Two of the top subject lines included the recipient's company name, showing how personalization increases the perceived legitimacy of these emails. With the vast majority of employees conditioned to trust internal communications, the risk of falling victim to such schemes has escalated.

Branded Content and its Impact



The study also shed light on the effectiveness of branded landing pages. Roughly 70% of interactions with simulated landing pages involved well-known brands. Microsoft emerged as the most spoofed brand, accounting for 25% of these interactions, followed by LinkedIn, X, Okta, and Amazon. Such tactics exemplify how cybercriminals borrow the credibility of recognizable brands to make their lures more convincing.

The Role of Attachment Types



Delving deeper into the report, PDFs were the most opened attachment type, constituting 56% of the most engaged files in simulated phishing emails. These were followed by Word documents (25%) and HTML files (19%). The preference for PDF attachments may reflect users' perception that PDFs are safe to open, which makes them an effective vehicle for attackers.
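The three findings above (internal HR/IT topics and the company name in the subject, lookalike domains of spoofed brands, and PDF/Word/HTML attachments) translate directly into mail-triage signals a defender can score. The following Python is an added illustration, not KnowBe4 code or data; the `Message` shape, the fictional `acme.example` organisation, the keyword lists and the review threshold are constructed assumptions. The point it makes beyond the prose is that these lure traits are only meaningful in combination with sender context: HR topics and PDF attachments are ordinary in genuine internal mail, so the score only counts them when the sender is outside the organisation.

```python
"""
Score inbound mail against the lure traits the report attributes to the
most-clicked simulations: subjects naming internal topics (HR/IT), the
recipient's own company name, lookalike hosts of spoofed brands, and
PDF/Word/HTML attachments. Added example; the Message shape, domains,
keyword lists and weights are constructed assumptions, not KnowBe4 tooling.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Internal-topic words from the report's HR/IT theme plus common payroll and
# password lures (constructed list). "IT" is matched case-sensitively so the
# pronoun "it" does not trigger it.
INTERNAL_TOPICS = re.compile(
    r"\b(hr|human resources|help ?desk|payroll|benefits|password|policy)\b", re.I)
IT_DEPARTMENT = re.compile(r"\bIT\b")

# Brands the report names as most spoofed, with their genuine apex domains.
# "X" is omitted: a single letter cannot be matched reliably inside a host.
SPOOFED_BRANDS = {"microsoft": "microsoft.com", "linkedin": "linkedin.com",
                  "okta": "okta.com", "amazon": "amazon.com"}

# Attachment types that drew the most engagement in the report.
ENGAGED_ATTACHMENT_EXTS = {".pdf", ".doc", ".docx", ".html", ".htm"}


@dataclass
class Message:
    from_addr: str
    display_name: str
    subject: str
    attachments: List[str] = field(default_factory=list)
    link_domains: List[str] = field(default_factory=list)


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_brand_lookalike(host: str) -> str:
    """Return the brand name if the host contains it but is not the brand's
    real domain or a subdomain of it (e.g. 'microsoft-login.example'), else ''."""
    host = host.lower()
    for brand, real in SPOOFED_BRANDS.items():
        if brand in host and host != real and not host.endswith("." + real):
            return brand
    return ""


def score_message(msg: Message, org_domain: str, org_name: str) -> Tuple[int, List[str]]:
    """One point per matched lure trait; the reasons list explains the score."""
    reasons = []
    external = domain_of(msg.from_addr) != org_domain.lower()
    text = f"{msg.display_name} {msg.subject}"
    # HR/IT topics and the company name are normal in genuine internal mail;
    # they become signals only when the sender is outside the organisation.
    if external and (INTERNAL_TOPICS.search(text) or IT_DEPARTMENT.search(text)):
        reasons.append("external sender referencing HR/IT topic")
    if external and org_name.lower() in msg.subject.lower():
        reasons.append("external sender using the company name")
    for host in msg.link_domains:
        brand = is_brand_lookalike(host)
        if brand:
            reasons.append(f"link host {host} mimics {brand}")
    for name in msg.attachments:
        if external and os.path.splitext(name)[1].lower() in ENGAGED_ATTACHMENT_EXTS:
            reasons.append(f"external sender with {name} attachment")
    return len(reasons), reasons


def needs_review(msg: Message, org_domain: str, org_name: str, threshold: int = 2) -> bool:
    """Route to analyst review when two or more traits coincide (threshold is an assumption)."""
    return score_message(msg, org_domain, org_name)[0] >= threshold


# Constructed sample messages for a fictional organisation.
ORG_DOMAIN, ORG_NAME = "acme.example", "Acme Corp"
SAMPLES = [
    Message("hr-team@corp-benefits.example", "HR Department",
            "Acme Corp: updated benefits enrollment - action required",
            ["Benefits_2025.pdf"], ["acme-okta-login.example"]),
    Message("jane@acme.example", "Jane Doe", "HR: updated benefits PDF",
            ["Benefits.pdf"], ["portal.acme.example"]),
    Message("news@vendor.example", "Vendor News", "Monthly product update",
            [], ["www.vendor.example", "login.microsoft.com"]),
]

if __name__ == "__main__":
    for m in SAMPLES:
        score, reasons = score_message(m, ORG_DOMAIN, ORG_NAME)
        print(f"{score} review={needs_review(m, ORG_DOMAIN, ORG_NAME)} {m.subject!r} {reasons}")
```

Running the script scores the external "HR Department" message at 4 (internal topic, company name, an Okta lookalike host and a PDF attachment) and flags it, while the genuine internal HR mail with a PDF and the vendor newsletter linking to a real Microsoft subdomain both score 0. In production the same signals would be fed from mail-gateway logs rather than a hand-built list, and the weights tuned against the organisation's own simulation results.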

A Call for Action



Citing the persistent nature of phishing threats, Erich Kron, CISO advisor at KnowBe4, emphasized the urgency for organizations to adapt their training processes. He noted, “When a message seems routine, such as from HR or IT, users are less likely to question it.” This highlights the need for ongoing awareness training that addresses not only technical defenses but also human behavior, which is often the weakest link.

Conclusion



With cyber threats continuously evolving, the findings from KnowBe4's Q3 report serve as a wake-up call for organizations globally. As internal-impersonation phishing techniques become more refined, a robust security culture anchored in regular training and user awareness is essential for mitigating these risks. Companies must not only equip their employees with the tools to recognize phishing attempts but also foster an environment where employees feel free to question unsolicited internal communications.

Ultimately, KnowBe4 aims to shift the perception of cybersecurity from a chore to an integral aspect of the workplace. By empowering employees to make informed decisions, organizations can transform their workforce from a prime target into a formidable line of defense against phishing threats.

For more insights, download the complete Q3 2025 Phishing Roundup from KnowBe4's website.
