KnowBe4, the world’s largest security awareness training and simulated phishing platform, shared its Top 10 Global Phishing Email Subject Lines for Q1 2018. The results are compiled by analyzing data from KnowBe4 users. While the results show that users who are delivered a simulated phishing test still open messages with a mix of subject lines related to personal and company notifications, KnowBe4 found an alarming trend with ‘in-the-wild’ emails. These messages, which are based on actual emails users received and reported to their IT departments, show that the top three subject lines relate to security concerns on school campuses.
This comes at a time when phishing emails continue to plague organizations. Just this month the U.S. State Department warned its staff against a “tidal wave” of malicious email meant to trick users into opening them. Verizon’s 2018 Data Breach Investigations Report, also issued this month, notes that phishing emails account for 98% of all social engineering related incidents and breaches. And while hackers have always used topical news stories to color their phish attempts, the rise in ‘in-the-wild’ emails related to campus security incidents highlights the emotional depths to which these bad actors will go to breach an organization.
“Hackers do what works – and what works is manipulating a human’s psyche to make them feel curious, important or, sadly, scared. As technical controls continue to improve at thwarting automated attacks, hackers are upping their sophistication at bypassing technical controls through the use of social engineering,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4.
KnowBe4 understands that humans are the attack surface of choice for cybercriminals. The company examined tens of thousands of email subject lines from simulated phishing tests to uncover just what makes a user want to click. They also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT department as suspicious.
The Top 10 Most-Clicked General Email Subject Lines Globally for Q1 2018 include:
1. A Delivery Attempt Was Made – 21%
2. Change of Password Required Immediately – 20%
3. W-2 – 13%
4. Company Policy Update for Fraternization – 10%
5. UPS Label Delivery 1ZBE3112TNY00015011 – 10%
6. Revised Vacation and Time Policy – 8%
7. Staff Review 2017 – 7%
8. Urgent Press Release to All Staff – 5%
9. Deactivation of (email) in Process – 4%
10. Please Read: Important from HR – 2%