Report Shows Fake Internal Emails Dominate Phishing Schemes

Workers continue to be vulnerable to emails that appear to be from HR, IT or major brands.

Sep 4, 2025
Hacktivist Peshkov
istock.com/peshkov

KnowBe4,a leading risk management solutions provider, recently released its Q2 2025 Simulated Phishing Roundup report. The roundup highlights a continued trend of employee susceptibility to social engineering techniques that exploit familiarity and trust. 

Internal communications and well-known brands made up 98 percent of top email subject lines. Additional findings included:

  • Internal-themed topics made up 98.4 percent of the top 10 most-clicked email templates. Among these, HR was cited in 42.5 percent of phishing failures and IT in 21.5 percent. 

  • 71.9 percent of malicious landing page interactions involved branded content. Microsoft was the most common, accounting for 26.7 percent, followed by LinkedIn, X, Okta, and Amazon. 

  • 80.6 percent of the top 20 clicked links came from internally-themed simulations. 

  • 68.2 percent of these used domain spoofing techniques. 

  • PDF attachment clicks rose by 8.1 percent, compared to Q1. 

  • PDFs comprised 61.1 percent of the top 20 attachments, followed by HTML files (20.9 percent) and Word documents (18.0 percent). 

“One of the key takeaways ... is the critical role trust plays in cybersecurity,” said Erich Kron, cybersecurity advocate, KnowBe4. â€śWhether that is trust in internal communications, familiar brands, or even known individuals, phishing emails that appear to originate from reputable sources will always have a higher chance of lowering a recipient’s suspicions. 

"We see this time and time again in real-word scenarios, where attackers use sophisticated social engineering tactics to take advantage of this fundamental human instinct, making it harder for employees to distinguish legitimate and malicious emails. 

“The Q2 findings reinforce the need for organizations to strengthen their human defenses through a layered approach centered on human risk management. This includes employee empowerment through a combination of relevant, timely and adaptive security training and intelligent detection technology that can identify and mitigate threats in real time.” 

The report is available for download here. 

Latest in Cybersecurity
Strengthen Your Manufacturing Sales Resiliency
Sponsored
Strengthen Your Manufacturing Sales Resiliency
September 1, 2025
Hacktivist Peshkov
Report Shows Fake Internal Emails Dominate Phishing Schemes
September 4, 2025
Ransomware
Alarmingly Organized Criminal Enterprises
September 4, 2025
Ep148
Security Breach: Threat Landscape Update
September 4, 2025
Related Stories
Ransomware
Cybersecurity
Alarmingly Organized Criminal Enterprises
Ep148
Video
Security Breach: Threat Landscape Update
Phishing Tadamichi
Cybersecurity
Defending Against New RAT Attack
Security Breach Podcast
Sponsor Content
Security Breach Podcast
More in Cybersecurity
Strengthen Your Manufacturing Sales Resiliency
Sponsored
Strengthen Your Manufacturing Sales Resiliency
Discover manufacturing sales and marketing strategies for today’s volatile market. Get guide now!
September 1, 2025
Ransomware
Cybersecurity
Alarmingly Organized Criminal Enterprises
The surprising anatomy of ransomware groups and their growing threat.
September 4, 2025
Ep148
Video
Security Breach: Threat Landscape Update
Hackers are smarter, industrial systems are tough, and there's still no patch for humans.
September 4, 2025
Phishing Tadamichi
Cybersecurity
Defending Against New RAT Attack
The phishing scheme entices victims into downloading the UpCrypter malware.
September 4, 2025
Hacking Alarm
Cybersecurity
New Study Reveals Insider Threats, AI Complexities Driving Security Risks
File-related breaches are costing an average of $2.7 million per incident.
September 4, 2025
Machine Vision
Cybersecurity
Critical Infrastructure's Soft Underbelly: Outdated Surveillance Equipment
Attackers know about their exploitable flaws, and are taking advantage.
September 3, 2025
Peach Istock Ai Cyber
Cybersecurity
Shadow AI Shines Light on Escalating Concerns
Unauthorized tools are unintentionally expanding manufacturers' attack surfaces.
September 3, 2025
General Cyberattack
Cybersecurity
CISA, Partners Release Advisory on Chinese State-Sponsored Actors
The group, which has many aliases, continues to play the long game in targeting critical infrastructure.
August 28, 2025
Sbd Vadim Shechkov
Cybersecurity
Nozomi, Schneider Partner on Embedded Security Sensor for Remote Terminal Units
Manufacturers could realize greater operational resilience, uptime, security and compliance.
August 28, 2025
Industrial Cyber
Cybersecurity
Some Assembly Required: Manufacturing’s Struggle to Operationalize Cyber Resilience
There is a gap between plan and execution, and attackers are taking advantage.
August 28, 2025
Hacking Alarm
Cybersecurity
Alert Fatigue: Why SOCs Are Fighting Yesterday’s War Against Tomorrow’s Threats
Adversaries don’t follow our prioritization frameworks.
August 28, 2025
Coding
Cybersecurity
Research Shows How a Shifting Landscape is Driving SBOMs
The use of AI is having positive and concerning impacts.
August 28, 2025
Peach Istock Ai Cyber
Cybersecurity
AI, IT/OT Convergence are Reshaping Manufacturing Cybersecurity
Attackers are increasingly leveraging IT/OT convergence to their advantage.
August 28, 2025
Industrial Cyber
Cybersecurity
Insider Threats are the Costliest Cyber Risk
Why they continue to be harder to control.
August 21, 2025
Soc
Cybersecurity
Six Data‑Driven Trends Impacting OT Cybersecurity
The discussion has shifted from “should we invest?” to “how fast can we prove payback?”
August 21, 2025