Human-resources-linked scams, as well as IT-related scams, formed 48.6% of phishing attacks that test subjects* most often fell for
What were the latest phishing tactics in the third quarter of 2024?
One firm has released some information on these tactics based on its own user protection ecosystem and incident reports.
First, *in simulated phishing tests, the most frequently clicked email topics were those faking HR and IT-related matters.
Second, phishing via emails remained among the most prevalent tools for executing cyberattacks in Q3. Common headings usually mentioned matters involving monies, work performance concerns, emergency situations, reminders of job mistakes or delays needing urgent responses, and so on.
Other findings
Third, data for the quarter indicates that email-embedded phishing links were the top attack vector of choice — same as for the previous quarter. These malicious links, PDF attachments and spoofed domains, when interacted with, have often resulted in disastrous cyberattacks, including ransomware attacks and business email compromise.
Fourth, the third quarter of 2024 had revealed a surge, in the firm’s user protection ecosystem, of phishing campaigns leveraging QR codes. Popular QR code phishing subjects have included HR reminders for policy reviews, emails urging targeted recipients to sign an urgent document, and Zoom meeting invitations. These messages, often masqueraded as important communiqué from HR, colleagues or external vendors, which posed substantial risks as they can easily be replicated by malicious actors.
According to Stu Sjouwerman, CEO, KnowBe4, the firm sharing its Q3 phishing trends encountered: “The prevalence of HR and IT-themed phishing attempts, coupled with emerging techniques like QR code integration, presents a complex threat landscape. These tactics are particularly deceptive as they leverage the perceived legitimacy of trusted sources, often prompting hasty actions before verification. In this rapidly changing environment, a well-trained workforce and a robust security culture are not just beneficial — they are essential. By prioritizing human risk management, organizations can effectively build a formidable defense against avoidable cyber threats.”