Top-clicked phishing subject lines revealed


There has been an increase in phishing e-mails using business, HR and IT as subjects, and less reliance on obvious social media phishing campaigns. Also, social engineering attacks continue to be one of the top ways bad actors breach organisations.

These were two of the findings of KnowBe4, a provider of a security awareness training and simulated phishing platform, in its latest (Q3) quarterly report on top-clicked phishing e-mail subjects.

With more data on the tactics and templates attackers are likely to use when executing phishing attacks, infosec professionals can strengthen their human firewall, says Stu Sjouwerman, CEO of KnowBe4.

“Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”

Top categories globally were revealed to be business, online services, human resources, IT, banking and finance, COVID-19, mail notifications, phishing for sensitive information, social networking, and brand knockoffs.

Subject lines

The top phishing e-mail subjects were also unpacked, comparing those in the US to those in Europe, the Middle East and Africa (EMEA).

In Q3 2021, KnowBe4 examined tens of thousands of e-mail subject lines from simulated phishing tests.

In the US, most of the e-mail subjects appear to originate from the users’ organisation. In EMEA, the top subjects are related to users’ everyday tasks.

In the US, the top subject lines were “Vacation Policy Update”, “Password Check Required Immediately”, “Important: Dress Code Changes”, “Acknowledge Your Appraisal” and “Remote Working Satisfaction Survey”.

In EMEA, these were revealed to be “Your Document is Complete - Save Copy”, “Stefani has endorsed you!”, “You have requested a reset to your LinkedIn password”, “Windows 10 Upgrade Error” and “Internet Capacity Warning”.

These subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

In-the-wild attacks

Common “in-the-wild” attacks discovered include “IT: Odd emails from your account”, “IT: Upcoming Changes”, “HR: Remote Working Satisfaction Survey”, “Facebook: Your Facebook access has been temporarily disabled for identity check” and “Twitter: Potential Twitter Account Compromise”.

These subject lines represent actual e-mails users received and reported to their IT departments as suspicious.
