KnowBe4 Unveils Q1 2025 Phishing Report: Internal Communications Lead Cyber Threats

KnowBe4 Unveils Q1 2025 Phishing Report: Internal Communications Lead in Cyber Threats

In today's digital landscape, cybersecurity threats are becoming increasingly sophisticated. KnowBe4, a leader in human risk management, has just released its Q1 2025 Phishing Report, shedding light on the ongoing battle against phishing attacks. This report provides insights into how internal communications are exploited by cybercriminals to launch their attacks, reflecting a significant trend that organizations must heed.

Key Findings of the Q1 2025 Report

The report is based on data gathered from the KnowBe4 HRM+ platform, covering the period from January 1 to March 31, 2025. One of the most alarming findings is that over 60% of the phishing simulation failures were linked to emails impersonating internal teams, particularly Human Resources (HR) and Information Technology (IT). Specifically, 60.7% of users clicked on phishing emails that mimicked communication from internal teams, with HR emails accounting for a striking 49.7% of those clicks.

The traditional approach of phishing emails remains a prevalent method for cyberattacks, but attackers have honed their techniques to exploit sentiments of trust and urgency among employees. Cybercriminals craft fraudulent emails that appear legitimate, often using trends relevant to the organization or industry, to lure users into clicking harmful links or downloading malicious attachments. Notable subject lines that were frequently clicked included