KnowBe4 Q3 2025 Phishing Simulation Roundup Highlights
The Q3 2025 Phishing Simulation Roundup from KnowBe4 indicated that simulated phishing emails mimicking colleagues and internal topics garnered the highest interaction rates among employees. The research highlighted an ongoing issue with employee susceptibility to phishing attempts leveraging familiarity.
Data for the roundup, collected from the KnowBe4 platform between July 1 and September 30, 2025, revealed that 90% of the most-clicked subject lines referenced internal topics. Human Resources-related emails were particularly prevalent, featuring in 45% of these interactions. Personalization strategies that included the company name significantly increased engagement.
Branded content was a focal point, with 70% of simulated phishing landing page interactions involving recognizable brands. Microsoft was the most common brand featured, comprising 25% of interactions. The report also noted that 82% of the top-clicked links in phishing simulations were based on internal themes, with 66% employing domain spoofing techniques.
Attachment analysis showed that PDFs made up 56% of the most opened attachments in phishing scenarios, followed by Word documents at 25% and Hypertext Markup Language (HTML) files at 19%.
Erich Kron, CISO advisor at KnowBe4, emphasized that messages appearing routine, particularly from HR and IT, tend to be less scrutinized by users, suggesting a need for improved awareness and training to bolster cybersecurity resilience.