logo
Phishing attacks in Q2 2025 exploit trust in internal emails

Phishing attacks in Q2 2025 exploit trust in internal emails

Techday NZ4 days ago
KnowBe4 has released its Q2 2025 Phishing Simulation Roundup report, showing that employees remain vulnerable to phishing emails that closely mimic internal communications and well-known brands.
Internal focus
The report draws on data from simulated phishing exercises conducted in mid-2025 using the KnowBe4 HRM+ platform. It shows that 98.4% of the top 10 most-clicked email templates had internal themes, with human resources referenced in 42.5% of phishing failures and IT topics in 21.5%.
Malicious emails that exploit trust by purporting to come from familiar sources are proving hard for employees to identify, with internal communication topics dominating the list of most successful phishing simulations.
Branded threats
KnowBe4's findings also indicate continued abuse of popular brands in social engineering attacks, with branded content present in 71.9% of malicious landing page interactions. Microsoft was featured in 26.7% of these interactions, followed by LinkedIn, X, Okta, and Amazon.
When it came to hyperlinks within emails, the vast majority (80.6%) of the top 20 most-clicked links originated from internally-themed simulations, and 68.2% used domain spoofing techniques to appear more convincing.
Attachment trends
The analysis showed a rise in the use of PDF files as phishing lures. PDF attachment clicks increased by 8.1% compared to the previous quarter, and PDFs made up 61.1% of the top 20 attachments. HTML files accounted for 20.9%, with Word documents making up the remaining 18.0%.
Consistency with previous quarter
The trends in Q2 2025 were largely consistent with those seen in Q1 2025, emphasising the persistent nature of social engineering tactics that rely on the exploitation of trust and familiarity.
Expert commentary "One of the key takeaways from the Q2 Simulated Phishing Roundup is the critical role trust plays in cybersecurity. Whether that is trust in internal communications, familiar brands, or even known individuals, phishing emails that appear to originate from reputable sources will always have a higher chance of lowering a recipient's suspicions. We see this time and time again in real-word scenarios, where attackers use sophisticated social engineering tactics to take advantage of this fundamental human instinct, making it harder for employees to distinguish legitimate and malicious emails," said Erich Kron, Cybersecurity Advocate, KnowBe4.
Kron also highlighted the importance of a comprehensive approach to reducing risk: "The Q2 findings reinforce the need for organizations to strengthen their human defenses through a layered approach centered on human risk management. This includes employee empowerment through a combination of relevant, timely and adaptive security training and intelligent detection technology that can identify and mitigate threats in real time."
Human element in security
The Q2 2025 report points to a need for regular and adaptive security training for employees, alongside the deployment of detection technologies capable of recognising and halting phishing attempts. The data suggests that even as technical defenses improve, the human element remains a significant focus for attackers.
Follow us on:
Share on:
Orange background

Try Our AI Features

Explore what Daily8 AI can do for you:

Comments

No comments yet...

Related Articles

Dynon is first New Zealander in global Top 40 security leaders
Dynon is first New Zealander in global Top 40 security leaders

Techday NZ

timean hour ago

  • Techday NZ

Dynon is first New Zealander in global Top 40 security leaders

Optic Security Group's Group Brand Strategy & Innovation Director Nicholas Dynon has been named to the Life Safety Association's Top 40 Thought Leaders in Security & Life Safety for 2025, becoming the first New Zealander to appear on the list. Dynon, who is based in Auckland, was recognised alongside security professionals from over a dozen countries, representing diverse sectors including life safety, physical security, cybersecurity, risk management, loss prevention, and intelligence. Three Australians were also included among the listees. The Top 40 Thought Leaders are selected by a committee based on several criteria, including number of conference presentations delivered, webinar and podcast appearances, LinkedIn reach, authored journal articles, published media commentary, and volunteer leadership positions held over a 12-month period. Optic Security Group Managing Director Mike Cunningham congratulated Dynon on this achievement. "What we know at Optic Security Group is that it takes years of hard work to become an overnight sensation. That is true at all levels of Nick's work, his dedication, and his approach to client engagement." Cunningham also highlighted the significance of being the only New Zealander acknowledged in the Top 40, saying, "To be the only New Zealander recognised underscores Nick's commitment to the industry and Optic Security Group's customers across an unmatched service footprint in Australia and New Zealand. Well done, Nick, we at Optic are all very proud of your achievement." A significant factor contributing to Dynon's inclusion was the international recognition of his research on the public acceptability of facial recognition technology in varied security and surveillance contexts. His work, published in Massey University's National Security Journal, has not only appeared in domestic outlets but was translated and featured in the Japanese press. Beyond research, Dynon's voluntary leadership roles contributed to his Top 40 placement. He serves as secretary for the ASIS International New Zealand chapter, is a member of the New Zealand Security Association Security Consultant Special Interest Group, and co-founded the annual Women in Security Awards Aotearoa. Dynon expressed his appreciation for the recognition, stating, "I am honoured and humbled to be named among this esteemed group of security professionals. I'm particularly proud to be the first New Zealander to make the list, and I'm confident we'll be seeing more Kiwis recognised in the Top 40 going forward." He also pointed to the ongoing technology initiatives at Optic Security Group. "We're advancing some exciting work in Optic Security Group in the emerging security technology space, including facial recognition, artificial intelligence, and advanced video analytics," he said. "It's an environment that promotes innovation, thought leadership, and a genuine desire to raise industry standards and take security thinking to new heights." Dynon acknowledged the support provided by his employer, noting, "Ultimately, I'm grateful to Optic for providing not only an intellectually enriching workplace, but also for encouraging its people to seek opportunities for leadership and service to the industry and community." In his current role, Dynon oversees operations at the OpticIQ Lab, a division specialising in the development, testing, training, and readiness deployment of analytics and AI-enabled security technologies. The laboratory is led by Vlado Damjanovski, noted for his expertise in CCTV, and operates from Adelaide. Dynon's recognition marks a milestone not only for Optic Security Group but also for the profile of New Zealand's security professionals on the international stage.

Researchers say hackers exploited a security flaw in software widely used by governments, businesses
Researchers say hackers exploited a security flaw in software widely used by governments, businesses

NZ Herald

time2 hours ago

  • NZ Herald

Researchers say hackers exploited a security flaw in software widely used by governments, businesses

The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint. Listening to articles is free for open-access content—explore other articles or learn more about text-to-speech. The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint. Hackers connected to the Chinese Government were behind at least some of the widespread attacks in the past few days on organisations that use collaboration software from Microsoft, defenders working on the intrusions said in interviews. The breaches in the United States and other countries took advantage of a disastrous security flaw that drew attention this month, after Microsoft issued a patch that fixed only part of the problem in SharePoint, which is widely used to co-ordinate work on documents and projects. 'We assess that at least one of the actors responsible for this early exploitation is a China-nexus threat actor,' said Charles Carmakal, chief technology officer of Google's Mandiant Consulting. Another researcher, who, like others, spoke on the condition of anonymity because the inquiry is still under way, said federal investigators have evidence of US-based servers linked to compromised SharePoint systems connecting to internet protocol addresses inside China last week. The FBI, the White House, and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency declined to comment today.

DOWNLOAD THE APP

Get Started Now: Download the App

Ready to dive into a world of global content with local flavor? Download Daily8 app today from your preferred app store and start exploring.
app-storeplay-store