KnowBe4 Research: Personalized Phishing Emails with Company Names Achieve the Highest Click Rates
Published by
WINMAG Pro Editorial Team
Fri, 06 February 2026, 02:35

Personalization Increases Click Rates

The report shows that personalization significantly increases click rates: the two most clicked subject lines contained the name of the recipient's company. Internal topics dominated engagement and appeared in 100% of the top 10 most clicked subject lines, while HR-related themes were mentioned in 46%. Emails resembling IT notifications, training updates, and routine HR communications consistently ranked among the most effective phishing methods. These findings confirm insights from the State of Human Risk Report 2025: The New Paradigm of Securing People in the AI Era, which emphasizes the critical importance of integrated human risk management as cybercriminals deploy increasingly sophisticated phishing techniques.

Domain Spoofing Appears in Nearly 90% of the Most Clicked Attacks

Analysis of the phishing delivery methods used further underscores these trends. Of the 20 most clicked hyperlinks, approximately 87% referred to internal topics and 90% involved domain spoofing. This highlights how accurately attackers imitate legitimate business infrastructure to build trust and provoke swift action.

Additionally, the report analyzed real phishing threats reported via the KnowBe4 Phish Alert Button. The top 10 most reported phishing attacks often posed as trusted brands such as Microsoft, ShareFile, Google, Zoom, Adobe, Coinbase, and DHL, as well as internal IT and HR departments. In total, 62% of the phishing landing pages that users interacted with featured branding, with Microsoft accounting for 22.9% of the spoofed brands. Social media platforms collectively represented 14.5%.

'The fact that nearly 90% of the most clicked phishing attempts involve domain spoofing shows that attackers know how to create very convincing illusions of legitimacy,' said Erich Kron, CISO advisor at KnowBe4. 'When employees see their company name, their manager's name, or trusted internal systems in an email, their natural tendency is to trust the message and act quickly. Organizations must recognize that technology alone is not enough. Building a security-aware culture where employees feel supported to pause and verify is our strongest defense against attacks that increasingly know how to mislead us.'
