Phishing Scams: Stay Safe from Fake HR Emails

It’s no secret that scammers are getting smarter, and their favourite trick right now? Fake HR emails. According to research provided by our partner at KnowBe4, these dodgy emails are the top choice for phishing scams, fooling people worldwide.

So, what’s the deal with these emails? They look like they’re from your HR or IT department, asking you to do something urgent like update your tax info or check new dress code rules. They play on your emotions, making you react quickly without thinking… and that’s where they get you.

The Research

KnowBe4’s 2023 Phishing by Industry Benchmarking Report shows that almost a third of us might click on these tricky links or follow fake requests. Cybercriminals know this and use high-tech tools, even advanced forms of AI these days, to create more convincing scams. HR-related phishing emails lead the pack at 42%, followed by IT-related ones at 30%.

These scams work because they seem legit and urgent. Think about it: an email from HR about a new training session or a tax update feels important, right? That’s why we often click without checking.

Recently, phishing emails have also targeted personal info like healthcare and ApplePay, making people panic and act fast. Stu Sjouwerman, CEO of KnowBe4, explains that these emails are dangerous because they come from trusted sources like HR or IT. They trick employees into acting quickly, which can expose a company to cyberattacks.

That’s why having a well-trained team is so crucial. It helps build a strong security culture and protects against these types of attacks. It’s something every business needs to have as part of their cyber security stack, and this is where we can help!

Phishing at Work and How to Manage It

Phishing scams aren’t new. We’ve all seen those emails from a ‘prince’ needing help or fake HMRC calls about taxes. But scammers are getting better at making their messages look real. They might use a friend’s name or include genuine business links, fooling even the savviest among us.

In 2023, Frank Lombardo from Insignia Financial suggested that employees who repeatedly fall for these scams might face serious consequences, like losing their jobs. He believes regular Phishing Tests and Awareness Training are key to keeping companies safe.

How can I tell if an email from HR is a phishing scam?

Look out for urgent requests or unusual attachments. Always double-check the sender’s email address and never click on links or download files from unknown sources. If unsure, contact your HR department directly using a trusted method.

What should I do if I click on a phishing link?

Don’t panic. If you don’t have any policies in place, at the very least you should change your passwords, especially for any accounts that might have been compromised, and report it to your IT department or security team as soon as possible.

PhishFrenzy Can Help

Phishing scams, especially fake HR emails, are getting more sophisticated. The key lesson here is to stay vigilant and always double-check before clicking on anything suspicious. At PhishFrenzy, we understand these threats and are here to help. Reach out to us today to discuss how our security awareness training can be adapted to help protect your organisation from cyber threats.