Key Findings
Over 60% of top-clicked phishing emails were related to HR and IT.
People were more likely to click on links related to internal topics or impersonating known brands, accounting for 61.6% of clicks.
The top three QR codes scanned in simulations related to: A new drug and alcohol policy from HR (14.7%), A DocuSign for review and signing (13.7%), A Workday happy birthday message (12.7%).
In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).
68.6% of clicked links involved domain spoofing.
60.7% of the phishing simulations that were clicked mentioned an internal team.
Internal communications are a significant driver of phishing failures. Emails impersonating internal teams, particularly HR and IT, received the most failures in phishing simulations.
49.7% of clicked phishing simulations mentioned HR.
In attachment-based campaigns, people were most likely to open certain file types: PDFs (53%), HTML files (28.5%), Word files (18.5%).