
Majority of Successful Phishing Tests Prompt Users to Change Their Password

COVID-19 phishing related attacks were up by an unprecedented 600 percent.

By Claudia Glover

Nearly half of successful phishing tests used urgent messages prompting victims to change their passwords immediately.

According to a report released today by simulated phishing platform KnowBe4, the company's most successful simulated phishing attack was an email prompting users to change their passwords.

Forty percent of successful social media related phishing tests used LinkedIn as a lure, tempting users to click with promises of new profile views, connection requests or security updates.

How Threat Actors are using the Pandemic

COVID-19 phishing related attacks were up by an unprecedented 600 percent.

In fact, 10 percent of KnowBe4's successful phishing test attacks were coronavirus related.

So far KnowBe4 have examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed “in the wild” email subject lines that show actual emails users received and reported to their IT departments as suspicious.


A joint alert released by the National Cyber Security Council (NCSC) and Homeland Security also picked up on this threat, stating that malicious actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic. This advantage can be used to tempt a user to click on a link or download an app, either of which may lead to a phishing website or the inadvertent downloading of malware.

To create the impression of authenticity, malicious cyber actors may spoof the sender information in an email, making it appear to come from a trustworthy source such as the World Health Organization (WHO) or an individual with “Dr.” in their title.

In several examples, phishing attempts claim to be from an organisation’s human resources (HR) department and advise the employee to open the attachment.

The CEO of KnowBe4 had this to say about their conclusions from the data they fielded in the first quarter of 2020:

“The bad guys are opportunists and they will use every chance they get to take advantage of people’s heightened emotions during crisis situations such as this one, by trying to entice them into clicking on a malicious link or to download an attachment laced with malware.

“It’s no surprise that we’re seeing an explosion of phishing attacks related to the coronavirus because people are actively seeking more information about it. End users should be especially careful with any email they receive related to COVID-19 and immediately report suspicious looking emails to their IT departments”.

Don’t Forget About the Other Scams

However, despite their growth, coronavirus-related phishing campaigns are still dwarfed by other day-to-day phishing content.

Dr Jamie Collier, Cyber Threat Intelligence Team Lead at Digital Shadows explained this threat further to Computer Business Review:

“Despite the rise in malicious Coronavirus emails, they only account for a relatively small proportion of total phishing campaigns seen in the threat landscape. Whilst it is therefore important to educate users about pandemic-related social engineering tactics, security teams must ensure that this does not create a distraction from addressing established phishing lures that comprise the majority of phishing attempts and remain as effective as ever”.

