Personalized phishing emails referencing company names record the highest click rates, while nearly 90% of top-clicked attacks rely on domain spoofing
KnowBe4, a global platform focused on human and agentic AI risk management, has released its Q4 2025 Phishing Simulation Roundup, highlighting how personalized messaging and internal workplace themes continue to drive the most successful phishing attacks.
The report analyzes simulated phishing tests conducted between October and December 2025, revealing that emails containing recipients’ company names generated the highest engagement. Internal workplace topics appeared in 100% of the top 10 most-clicked phishing subject lines, with HR-related themes referenced in 46% of cases. Messages impersonating IT notifications, training updates, and routine HR communications consistently ranked among the most effective phishing lures.
These findings reinforce insights from KnowBe4’s State of Human Risk Report 2025: The New Paradigm of Securing People in the AI Era, which emphasizes the growing need for comprehensive human risk management as cybercriminals increasingly rely on AI-enhanced social engineering techniques.
The analysis also highlights the prevalence of domain spoofing. Among the top 20 most-clicked phishing links, approximately 87% referenced internal topics, while 90% involved spoofed domains, demonstrating how attackers closely mimic legitimate corporate infrastructure to build trust and prompt rapid action.
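The spoofed domains the report describes are, in practice, look-alike domains rather than the organisation's real one: a registered domain that passes SPF, DKIM and DMARC for itself while visually imitating the company's. Exact impersonation of the real domain is what DMARC stops; look-alikes need a separate check. The following is an added example (not KnowBe4's code or part of the report) of such a check on the domain part of a From: address. It assumes a defender-maintained list of the organisation's own domains (LEGIT_DOMAINS, constructed here), a small homoglyph table, and an edit-distance threshold; the sample addresses are constructed for the demo.

```python
"""Heuristic look-alike sender-domain check.

Added example, not KnowBe4's code. Assumes the defender maintains a list of
the organisation's own domains (LEGIT_DOMAINS, constructed here) and runs the
check over the domain part of each inbound From: address. Exact spoofing of
the real domain is the job of SPF/DKIM/DMARC; this check covers look-alikes,
which pass those controls because the attacker owns the look-alike domain.
"""
import re

LEGIT_DOMAINS = {"example.com", "mail.example.com"}  # constructed

# Visually confusable characters folded to ASCII before comparison.
HOMOGLYPHS = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c",                   # Cyrillic er, es
})

MAX_TYPO_DISTANCE = 2  # edit distance that still counts as a typosquat


def normalize(domain: str) -> str:
    """Lower-case, fold homoglyphs and letter pairs that render like one glyph."""
    d = domain.lower().strip(".").translate(HOMOGLYPHS)
    return d.replace("rn", "m").replace("vv", "w")


def registrable(domain: str) -> str:
    """Last two labels. Assumption: no public-suffix list in this demo."""
    return ".".join(domain.split(".")[-2:])


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (iterative, O(len(a)*len(b)))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'legitimate', 'lookalike', 'external' or 'invalid'."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", address.strip())
    if not m:
        return "invalid"
    domain = m.group(1).lower()
    if domain in LEGIT_DOMAINS or any(domain.endswith("." + d) for d in LEGIT_DOMAINS):
        return "legitimate"
    norm = normalize(domain)
    labels = norm.split(".")
    reg = registrable(norm)
    for legit in LEGIT_DOMAINS:
        lreg = registrable(normalize(legit))
        base = lreg.split(".")[0]
        if reg == lreg:                                      # homoglyph / case tricks
            return "lookalike"
        if edit_distance(reg, lreg) <= MAX_TYPO_DISTANCE:    # typosquat
            return "lookalike"
        # our name used as a label (or hyphenated part of one) in someone else's domain
        if any(l == base or l.startswith(base + "-") or l.endswith("-" + base)
               for l in labels):
            return "lookalike"
    return "external"


def triage(addresses):
    """Map each address to its verdict; the inputs here are constructed samples."""
    return {a: classify_sender(a) for a in addresses}


if __name__ == "__main__":
    sample = [
        "hr@example.com",
        "it@mail.example.com",
        "payroll@examp1e.com",
        "it-support@exarnple.com",
        "hr@ex\u0430mple.com",
        "admin@exampel.com",
        "login@example.com.secure-update.net",
        "news@vendor.org",
    ]
    for addr, verdict in triage(sample).items():
        print(f"{verdict:10} {addr}")
```

The verdicts are heuristic: "lookalike" is a reason to quarantine or banner the message and to add the domain to a monitoring list, not proof of attack, and a legitimate partner whose domain happens to embed the company name belongs on an allowlist checked before this logic runs. A production version would replace the two-label `registrable()` shortcut with a public-suffix list and extend the homoglyph table.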
In addition to simulated tests, KnowBe4 examined real-world phishing threats reported through its Phish Alert Button. The top 10 most-reported attacks frequently impersonated trusted brands such as Microsoft, ShareFile, Google, Zoom, Adobe, Coinbase, and DHL, alongside internal IT and HR departments. Overall, 62% of phishing landing pages interacted with by users were branded, with Microsoft accounting for 22.9% of impersonated brands. Social media platforms collectively represented 14.5%.
“The fact that nearly 90% of top-clicked phishing attempts involved domain spoofing shows how effectively attackers are creating convincing illusions of legitimacy,” said Erich Kron, CISO Advisor at KnowBe4. “When employees see their company name, a manager’s name, or familiar internal systems referenced in an email, their instinct is to trust and act quickly. Technology alone isn’t enough—organizations must build a security-conscious culture that empowers employees to pause, question, and verify.”