WFH phishing threats are on the rise

Cartoon Phishing
(Image credit: Shutterstock / DRogatnev)

New research has supported previous assertions that phishing attacks are increasing in response to the number of employees working from home. 

A new report by cybersecurity training provider KnowBe4 has revealed a concerning surge in phishing attempts across the fourth quarter of 2020.

The new report also outlined which phishing methods were likely to prove most effective. Based on KnowBe4’s simulated phishing tests, LinkedIn-related content was the most effective social media messaging used in phishing campaigns, deceiving 47% of recipients. In addition, 25% of individuals were tricked by email messages urging them to change their password.

Change the subject

As part of its simulated phishing attempts, KnowBe4 used a variety of email subject lines. These included “Password Check Required Immediately,” “Vacation Policy Update,” “COVID-19 Remote Work Policy Update,” and “You have been added to a team in Microsoft Teams.”

In-the-wild phishing attempts made across the fourth quarter were also analyzed and covered similar themes, with popular subject lines including “Twitter: Security alert: new or unusual Twitter login,” “Amazon: Action Required | Your Amazon Prime Membership has been declined,” and “Zoom: Scheduled Meeting Error.”

Evidently, threat actors are attempting to leverage the disruption caused by home working to add legitimacy to their phishing attempts. As businesses and individuals continue to get used to the “new normal,” it seems that cyberattackers will continue to exploit the situation.

“It’s no surprise that phishing attacks related to working from home are increasing given that many countries around the world have seen their employees working from home offices for nearly a year now,” said Stu Sjouwerman, CEO of KnowBe4. 

“Just because employees may be more used to their home office environment doesn’t mean that they can let their guard down. The bad guys deploy manipulative attacks intended to strike certain emotions to cause end-users to skip critical thinking and go straight for that detrimental click.”

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things. 

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does