Everyone thinks they can spot a phish. Whether it is an email, SMS text, or QRish phishing, people have an overinflated view of their capabilities to detect them.
A new summary by KnowB4, “What Makes People Click?” provides an insightful review and proves that people still click when curiosity gets the best of them.
According to the summary of top-clicked phishing tests between January and March 2025, phishes impersonating HR or IT are the most successful. People were more likely to interact with links related to internal team topics, open PDFs, HTML files, and .doc Word files and continue to be vulnerable to impersonation of trusted company brands. The companies most likely to be impersonated as part of a successful phishing campaign are Microsoft, LinkedIn, the company the victim works for, Google, and Okta.
And then there are QR codes. Everyone makes fun of me for constantly warning about QR codes, and I am grateful to KnowB4 for having my back on this one. Its summary illustrates that users continue to be duped into scanning malicious QR codes. The top three successful QR scams are QR codes related to the company’s new drug and alcohol policy, a DocuSign for review and signing, and a happy birthday message from Workday. Please take these statistics to heart and beware of these and similar scams. Think twice before clicking on that Happy Birthday message from Workday.
I frequently conduct employee education sessions and carefully follow KnowBe4’s insights. It always has its finger on the pulse and provides practical solutions in real-time. Review its 1st quarter summary, which is jam-packed with useful information for yourself and your users.
[View source.]
