KnowBe4’s Q3 2025 Phishing Roundup Reveals Latest Threats

Summary
– Internal department phishing simulations (particularly HR and IT) continue to generate the highest user interaction rates, showing persistent employee vulnerability to familiar-looking emails.
– Personalized emails containing the recipient's company name and internal topics dominated the most-clicked subject lines: internal themes made up 90% of them, with HR appearing in 45% of cases.
– Branded content appeared in 70% of landing-page interactions, with Microsoft the most commonly impersonated brand at 25%, followed by LinkedIn, X, Okta, and Amazon.
– Most (82%) of the top clicked links came from internally themed simulations, and 66% of those links used domain spoofing to appear legitimate.
– PDF attachments were the most opened file type at 56% of top interactions, followed by Word documents (25%) and HTML files (19%) in simulated phishing campaigns.
A new report from cybersecurity firm KnowBe4 highlights the ongoing challenge organizations face from highly personalized phishing emails that mimic internal communications. The Q3 2025 Phishing Roundup, which analyzed data from the company’s HRM+ platform collected between July and September 2025, reveals that employees remain most susceptible to messages appearing to originate from familiar internal departments.
Simulated phishing emails designed to look like they came from HR or IT teams consistently achieved the highest user interaction rates. This points to a persistent weakness where staff are more likely to trust and engage with content that seems routine or originates from within their own company. The two most-clicked subject lines in these simulations both included the recipient's specific company name, demonstrating the powerful effect of personalization.
Internal topics dominated the list of deceptive lures, making up a full 90% of the most-clicked subject lines. Human Resources was a particularly common theme, cited in nearly half of the top ten most-interacted-with emails. This suggests employees are conditioned to respond promptly to messages from departments that handle sensitive matters like payroll, benefits, or policy updates.
The study also examined the types of landing pages users encountered. A significant 70% of simulated landing page interactions involved professionally branded content. Microsoft emerged as the most frequently impersonated brand, accounting for one-quarter of all branded phishing attempts. It was followed by LinkedIn, X (formerly Twitter), Okta, and Amazon in the list of most-mimicked companies.
When it came to hyperlinks embedded within phishing emails, 82% of the top twenty clicked links were part of internally themed simulations. Furthermore, two-thirds of these deceptive links employed domain spoofing techniques, where the URL is crafted to closely resemble a legitimate company web address: a lookalike registration that differs from the real domain by a swapped or confusable character, or the real domain name placed in front of an attacker-controlled domain so that it appears as a subdomain. Because the displayed link text can say anything, the check that matters is the registrable domain of the actual destination, not how the link reads.
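The following is an added example, not code from the report or from KnowBe4, showing how a mail-filtering or triage script can flag the kinds of domain spoofing described above. It extracts every URL from a message, folds the hostname so that confusable spellings (digits for letters, "rn" for "m", accented or punycode-encoded characters) collapse to the plain ASCII form, and then compares the registrable domain with an allowlist of the organisation's real domains. The trusted domain `example.com`, the category names, and the sample email are constructed for this example; the "last two labels" rule for the registrable domain is a deliberate simplification that mis-splits hosts under suffixes such as `co.uk`, so a production filter would use a public-suffix list instead.

```python
"""Added example: flag lookalike ("spoofed") link domains in a message."""
import re
import unicodedata
from urllib.parse import urlparse

# Assumed for the example: the organisation's own legitimate domains.
TRUSTED_DOMAINS = ("example.com",)

# Confusable substitutions commonly seen in lookalike registrations.
_SINGLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b"})
_MULTI = (("rn", "m"), ("vv", "w"))

_URL_RE = re.compile(r"""https?://[^\s<>"')]+""")


def skeleton(name: str) -> str:
    """Fold a hostname so visually similar spellings compare equal."""
    try:  # decode punycode (xn--...) so IDN hosts are compared as displayed
        name = name.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already non-ASCII or malformed: fold whatever we were given
    decomposed = unicodedata.normalize("NFKD", name)  # 'ä' -> 'a' + combining mark
    name = "".join(ch for ch in decomposed if not unicodedata.combining(ch)).lower()
    name = name.translate(_SINGLE)
    for src, dst in _MULTI:
        name = name.replace(src, dst)
    return name


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; small values between brand labels signal typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels. Simplification: no public-suffix list, so 'co.uk'-style
    suffixes are mis-split; a real filter should use publicsuffix data."""
    return ".".join(host.split(".")[-2:])


def classify_link(url: str, trusted=TRUSTED_DOMAINS) -> str:
    """Classify the destination host of a URL against the trusted domains."""
    host = (urlparse(url).hostname or "").rstrip(".").lower()
    if not host:
        return "no-host"
    folded = skeleton(host)
    reg = registrable(folded)
    tokens = set(host.replace("-", ".").split("."))
    for t in trusted:
        t = t.lower()
        t_fold = skeleton(t)
        t_sld = t_fold.split(".")[0]
        if host == t or host.endswith("." + t):
            return "trusted"
        # Real domain used as a subdomain: example.com.login-portal.net
        if ("." + t + ".") in ("." + host):
            return "real-domain-as-subdomain"
        # Confusable/IDN lookalike: examp1e.com, exarnple.com, xn--exmple-cua.com
        if reg == t_fold:
            return "confusable"
        # Typosquat: a couple of edits away from the brand label
        if 0 < edit_distance(reg.split(".")[0], t_sld) <= 2:
            return "typosquat"
        # Brand glued to other words or another TLD: example-it-support.net
        if t_sld in tokens:
            return "brand-in-other-domain"
    return "unrelated"


def scan_message(text: str) -> list:
    """Return (url, verdict) for every URL found in a message body."""
    return [(u, classify_link(u)) for u in _URL_RE.findall(text)]


# Constructed sample message in the style of an HR-themed lure.
SAMPLE_EMAIL = """From: HR Team <hr@example.com>
Subject: Example Corp - Updated benefits enrolment (action required)

Please confirm your elections at https://example.com.login-portal.net/sso
or use the backup link https://exarnple.com/benefits before Friday.
Policy reference: https://hr.example.com/policies/2025
"""

if __name__ == "__main__":
    for url, verdict in scan_message(SAMPLE_EMAIL):
        print(f"{verdict:26} {url}")
```

Only `trusted` verdicts should pass without review; every other category is a candidate for quarantine or a warning banner, and `unrelated` is not "safe", it just means the link does not imitate one of the allowlisted names.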
Attachment-based phishing also showed clear patterns. PDF files were the most commonly opened attachment type, comprising 56% of the top twenty opened files in simulated attacks. Microsoft Word documents followed at 25%, with HTML files making up the remaining 19%. These file types are often trusted by employees as part of normal business communication.
Erich Kron, a CISO advisor at KnowBe4, noted that familiarity breeds complacency. He explained that when a message appears to be a standard internal notification, users are far less likely to scrutinize its authenticity. The fact that this vulnerability repeats each quarter indicates the issue is deeply rooted in human psychology, not just a temporary lapse in judgment. This understanding is why KnowBe4's human and agentic AI risk management platform focuses on combining effective training with measurable behavior change to build durable security habits.
KnowBe4 provides tools to help organizations strengthen their security culture and manage human-related risks. Trusted by more than 70,000 organizations globally, its AI-driven Human Risk Management platform offers a comprehensive suite including awareness training, cloud email security, real-time coaching, and AI defense agents. The goal is to transform the workforce from a potential security liability into a robust first line of defense.
(Source: ITWire Australia)