KnowBe4 Report Shows Personalized Phishing Attacks Dominate Q4 2025
Event summary
- KnowBe4's Q4 2025 Phishing Trends Report highlights that personalization significantly increases click rates, with the top two most-clicked subject lines containing recipients’ company names.
- Internal topics dominated engagement, appearing in 100% of the top 10 most-clicked subject lines, while HR-related topics were referenced in 46%.
- Among the top 20 hyperlinks clicked, around 87% referenced internal topics, and 90% involved domain spoofing.
- The report analyzed real-world phishing threats reported using the KnowBe4 Phish Alert Button, with Microsoft accounting for 22.9% of impersonated brands.
The big picture
KnowBe4's report underscores the critical need for comprehensive human risk management as cybercriminals leverage increasingly sophisticated phishing tactics. The findings highlight how personalization, trusted brands, and internal workplace themes are the most effective tools used to prompt user interaction. This trend is part of a broader industry shift towards recognizing that technology alone isn’t enough; building a security-conscious culture is essential for defending against evolving cybersecurity threats.
What we're watching
- Attack Evolution
  - How cybercriminals will adapt their tactics as organizations enhance security awareness training.
- Employee Training
  - Whether KnowBe4's focus on building a security-conscious culture can effectively counter increasingly sophisticated phishing attacks.
- Technological Defenses
  - The pace at which technological solutions will evolve to detect and mitigate domain spoofing and other personalized attack methods.
