Fake Internal Emails Dominate Phishing Simulation Clicks in KnowBe4’s Q2 Report
- The AdvoCast Team
- Aug 29, 2025
KnowBe4, a leader in cybersecurity and human risk management, has released its Q2 2025 Phishing Simulation Roundup—and the findings reveal that employees continue to be most vulnerable when phishing emails appear to come from trusted internal sources.
The report shows that 98.4% of the top-clicked phishing email templates were internal-themed, with HR-related messages leading at 42.5% and IT topics at 21.5%. Branded landing pages also played a major role, with Microsoft accounting for more than a quarter of spoofed sites, followed by LinkedIn, X, Okta, and Amazon. Attachment-based phishing attempts are on the rise as well, with PDF files comprising over 60% of top interactions—an 8.1% increase from Q1.
These results underscore the challenge of trust in cybersecurity. Employees are far more likely to click when messages appear familiar, making internal communications and branded content prime attack vectors.
From a communications standpoint, the findings highlight why cybersecurity awareness must be woven into culture, not treated as a once-a-year training exercise. Regular simulations, adaptive learning, and reinforcing clear, trustworthy communication practices help employees develop instincts that protect rather than expose the organization.

For leaders, the lesson is clear: security is no longer just about technology. It’s about people, culture, and the systems in place to help employees recognize threats without eroding trust in legitimate workplace communication.



