Cybercriminals keep finding new ways to run their scams. While we talk about emails from fake princes and unrealistic rewards, HR-related cybersecurity risks are not discussed enough. HR email impersonations are fairly easy to pull off, and most recipients rush to reply to an email from HR just to ensure that their HR department doesn’t think they’re slacking off. The HR phishing threat is just as high for those who are unemployed and looking for work, as there are cybercriminals out there waiting to take advantage of them by making them a job offer they can’t refuse.

HR and the Cybersecurity Risk Associated with the Field
KnowBe4’s Q2 2025 Phishing Simulation Roundup report recently took a closer look at employee susceptibility to social engineering techniques that are designed to “exploit familiarity and trust,” and its findings suggested that 98.4% of the top 10 most-clicked email templates were related to internal topics. Of these, HR was cited in 42.5% of phishing failures and IT in 21.5%.
This data suggests that, most often, security lapses and phishing exposure come from interactions with content that appears trustworthy, with HR instructions featuring in many of these cases. Some businesses test employees by sending out fake emails to see which employees fall for them, so they can be made more aware of the risks that are out there; however, a single moment of oversight is enough to land you and your organization in trouble.
Why Does HR Run a High Risk of Impersonation?
If you’ve spent any amount of time job hunting, you know that there is a high chance that you applied for a job weeks ago and then forgot all about it. You may have applied on a job portal or on the company website, but the only way you are likely to hear back is through calls and emails. Under such circumstances, receiving an email that looks fairly legitimate is often enough to have you click on links in order to follow up on the job application, and this is a prime way for an apparent email from HR to turn into a cybersecurity risk.
For those who do have a job, HR phishing email scams often take the form of typical, sober HR emails, updating you on a change in policy or asking you to take a survey for different reasons at the organization. In many cases, especially at larger companies where you may be far removed from the HR team, you might click on the email out of obligation rather than interest, opening the website and links to fill in the relevant information. Just like that, you might find yourself having fallen victim to an impersonator’s HR phishing attack.
What Can HR Do About the Impersonation Risk?
The HR phishing threat is one that must be taken seriously and addressed at once. Even if your organization has not previously been targeted by such attacks, it is important to regularly remind employees to check carefully that emails are sent from authorized sources. Employees should also be encouraged to alert the organization and its IT department when they are suspicious of an email. It is always better to check and risk being wrong than to reply carelessly and then be caught up in an HR phishing email scam.
HR teams can also benefit from making their official emails available to the general public to ensure that aspiring job seekers are not caught off guard by a fake recruiter’s malware attack. Communicating with candidates through a company-authorized ID, and with emails that carry company letterheads and signatures, allows job seekers to see what the official emails look like, making it easier for them to distinguish between an HR email impersonator and the real deal.
In 2025, some old-school methods of hiring are gaining traction, with paper resumes and in-person interviews replacing digital interactions. This allows for face-to-face interactions where both parties can verify the legitimacy of the individual sitting across the desk, adding a layer of trust to the interaction. Determine how best your organization can counteract the HR cybersecurity risk, and put checks and action measures in place right now to set your business up for success.




