In this series, we first explored the psychology that makes HR phishing so effective, then showcased the real-world lures attackers use to trick your employees. Now, we’re going under the hood to answer the critical question: How do these attacks technically bypass security defenses?
We all trust HR – or at least we do when we think they’re emailing us! Data from KnowBe4’s HRM+ platform reveals that phishing simulations with internal subject lines dominate the list of most-clicked templates in 2025.
Phishing attacks impersonating HR are on the rise. Between January 1 – March 31, 2025, our Threat Lab team observed an 120%surge in these attacks reported via our PhishER product versus the previous three months. These attacks have remained at elevated levels since peaking in February.
The North Korean threat actor ScarCruft has incorporated ransomware into its arsenal, according to researchers at South Korean security firm S2W.
![[FREE RESOURCE KIT] Cybersecurity Awareness Month Kit 2025 Now Available](https://blog.knowbe4.com/hubfs/CybersecurityAwarenessMonth25_BlogPost_SocialImg_New.png)
In the never-ending battle against cyber villains, your users are on the front lines.
Modern Security Operations Centers (SOCs) face a persistent challenge: managing threats across multiple security tools while maintaining operational efficiency.
For any small- to medium-sized enterprise (SME), the cybersecurity landscape can be intimidating. You are informed of a variety of threats, reliable expertise is scarce, and there is limited (if any) budget available.
