KnowBe4 Releases Q4 2025 Phishing Trends Report Highlighting the Power of Personalized Attacks

The Q4 2025 Phishing Simulation Roundup reveals phishing emails containing company names see highest click rates, while domain spoofing appears in nearly 90% of top-clicked attacks

TAMPA BAY, Fla.--(BUSINESS WIRE)--KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, today released its Q4 2025 Phishing Simulation Roundup, detailing the most-clicked phishing email subjects from simulated phishing tests conducted between October and December 2025. The latest findings underscore how personalization, trusted brands and internal workplace themes continue to be the most effective tools used to prompt user interaction.

The report shows that personalization significantly increases click rates, with the two most-clicked subject lines containing recipients’ company names. Internal topics dominated engagement, appearing in 100% of the top 10 most-clicked subject lines, while HR-related topics were referenced in 46%. Messages posing as IT notifications, training updates and routine HR communications consistently ranked among the most effective phishing lures. These findings reinforce insights from KnowBe4's State of Human Risk Report 2025: The New Paradigm of Securing People in the AI Era, which underscores the critical need for comprehensive human risk management as cybercriminals leverage increasingly sophisticated phishing tactics.

Analysis of phishing delivery methods further reinforces these trends. Among the top 20 hyperlinks clicked, around 87% referenced internal topics, and 90% involved domain spoofing, highlighting how closely attackers imitate legitimate business infrastructure to establish trust and prompt quick action.

The report also analyzed real-world phishing threats reported using the KnowBe4 Phish Alert Button. The top 10 most-reported phishing attacks frequently impersonated trusted brands such as Microsoft, ShareFile, Google, Zoom, Adobe, Coinbase and DHL, as well as internal IT and HR departments. Overall, 62% of phishing landing pages users interacted with were branded, with Microsoft accounting for 22.9% of impersonated brands. Social media platforms collectively represented 14.5%.

"The fact that nearly 90% of top-clicked phishing attempts involved domain spoofing shows that attackers are successfully creating convincing illusions of legitimacy," said Erich Kron, CISO advisor at KnowBe4. "When employees see their company name, their manager's name, or familiar internal systems referenced in an email, their natural inclination is to trust and act quickly. Organizations must recognize that technology alone isn’t enough – building a security-conscious culture where employees feel empowered to pause and verify is our strongest defense against these increasingly deceptive attacks."

To download the Q4 2025 Phishing Simulation Roundup infographic, click here.

About KnowBe4

KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 builds security culture and helps teams manage both human and agent risk. The company delivers a comprehensive, agentic best-of-suite platform for Human Risk Management, creating an adaptive defense layer that reinforces secure behavior against evolving cybersecurity threats. The HRM+ platform includes awareness training, integrated cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defense Agents, and more. As AI becomes increasingly embedded in business operations, KnowBe4 prepares the modern workforce by training both humans and AI agents to recognize and respond to security risks. Through this unified approach, KnowBe4 leads workforce trust management and defense strategies. More info at knowbe4.com.

Follow KnowBe4 on LinkedIn and X.

Contacts

Media Contact:
Nyrin Odisha
Head of Public Relations, APJ
pr@knowbe4.com
