View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Majority of Successful Phishing Tests Prompt Users to Change Their Password

COVID-19 phishing related attacks were up by an unprecedented 600 percent.

By claudia glover

Nearly half of successful phishing tests state urgent messages prompting victims to change their passwords immediately.

According to a report released today by simulated phishing platform KnowBe4, their most successful simulated phishing attack was an email prompting users to change their passwords.

Forty percent of successful social media related phishing tests used LinkedIn as a lure, tempting duplicitous clicks from users with promises of new profile views, connection requests or security updates.

How Threat Actors are using the Pandemic

COVID-19 phishing related attacks were up by an unprecedented 600 percent.

In fact, 10 percent of their successful phishing test attacks were Coronavirus related.

So far KnowBe4 have examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed “in the wild” email subject lines that show actual emails users received and reported to their IT departments as suspicious.

A joint alert released by the National Cyber Security Council (NCSC) and Homeland Security also picked up on this threat, stating that malicious actors are taking advantage of human traits such as curiosity and concern around the coronavirus pandemic. This advantage can be used to tempt a user to click on a link or download an app, either of which may lead to a phishing website or the inadvertent downloading of malware.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

To create the impression of authenticity, malicious cyber actors may spoof sender information in an email, which means to make it appear to be from a trustworthy source such as the World Health Organization (WHO) or an individual with “Dr.” in their title.

In several examples, phishing attempts claim to be from an organisation’s human resources (HR) department and advise the employee to open the attachment.

The CEO of KnowBe4 had this to say about their conclusions from the data they fielded in the first quarter of 2020:

“The bad guys are opportunists and they will use every chance they get to take advantage of people’s heightened emotions during crisis situations such as this one, by trying to entice them into clicking on a malicious link or to download an attachment laced with malware.

“It’s no surprise that we’re seeing an explosion of phishing attacks related to the coronavirus because people are actively seeking more information about it. End users should be especially careful with any email they receive related to COVID-19 and immediately report suspicious looking emails to their IT departments”.

Don’t Forget About the Other Scams

However, despite their uptick in growth, Coronavirus related phishing campaigns are still dwarfed by other day to day phishing content.

Dr Jamie Collier, Cyber Threat Intelligence Team Lead at Digital Shadows explained this threat further to Computer Business Review:

“Despite the rise in malicious Coronavirus emails, they only account for a relatively small proportion of total phishing campaigns seen in the threat landscape. Whilst it is therefore important to educate users about pandemic-related social engineering tactics, security teams must ensure that this does not create a distraction from addressing established phishing lures that comprise the majority of phishing attempts and remain as effective as ever”.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.