Sydney, Australia (July 18, 2025) – KnowBe4, the world-renowned cybersecurity platform that comprehensively addresses human risk management, today released its Q2 2025 Simulated Phishing Roundup report. The roundup highlights a continued trend of employee susceptibility to social engineering techniques that exploit familiarity and trust, as seen in dominant interactions with internal communications and well-known brands, making up 98% of top email subject lines. All data for this roundup was taken from the KnowBe4 HRM+ platform between April 1, 2025, and June 30, 2025.
Key Findings from the Roundup Report
- Consistency with Previous Quarter. Phishing simulation trends remained largely consistent with Q1 2025 (January 1 – March 31, 2025).
- Internal Topics Dominate. Internal-themed topics made up 98.4% of the top 10 most-clicked email templates. Among these, HR was cited in 42.5% of phishing failures and IT in 21.5%.
- Branded Landing Pages. 71.9% of malicious landing page interactions involved branded content. Microsoft was the most common, accounting for 26.7%, followed by LinkedIn, X, Okta, and Amazon.
- Top Clicked Hyperlinks. 80.6% of the top 20 clicked links came from internally themed simulations. 68.2% of these used domain spoofing techniques.
- Attachment Interactions. PDF attachment clicks rose by 8.1% compared to Q1. PDFs comprised 61.1% of the top 20 attachments, followed by HTML files (20.9%) and Word documents (18.0%).
“One of the key takeaways from the Q2 Simulated Phishing Roundup is the critical role trust plays in cybersecurity,” said Erich Kron, cybersecurity advocate, KnowBe4. “Whether that is trust in internal communications, familiar brands, or even known individuals, phishing emails that appear to originate from reputable sources will always have a higher chance of lowering a recipient’s suspicions. We see this time and time again in real-world scenarios, where attackers use sophisticated social engineering tactics to take advantage of this fundamental human instinct, making it harder for employees to distinguish legitimate and malicious emails.”
Kron continued, “The Q2 findings reinforce the need for organisations to strengthen their human defences through a layered approach centred on human risk management. This includes employee empowerment through a combination of relevant, timely and adaptive security training and intelligent detection technology that can identify and mitigate threats in real time.”
Download a copy of the Q2 2025 KnowBe4 Simulated Phishing Roundup report here.
About KnowBe4
KnowBe4 empowers workforces to make smarter security decisions every day. Trusted by over 70,000 organisations worldwide, KnowBe4 helps to strengthen security culture and manage human risk. KnowBe4 offers a comprehensive AI-driven ‘best-of-suite’ platform for Human Risk Management, creating an adaptive defence layer that fortifies user behaviour against the latest cybersecurity threats. The HRM+ platform includes modules for awareness & compliance training, cloud email security, real-time coaching, crowdsourced anti-phishing, AI Defence Agents, and more. As the only global security platform of its kind, KnowBe4 utilises personalised and relevant cybersecurity protection content, tools and techniques to mobilise workforces to transform from the largest attack surface to an organisation’s biggest asset. More at knowbe4.com.