It has been said quite a few times, and it will be said for years to come: phishing continues to be a solid attack, because phishing works.
Along those lines, a report was just released on the Top 10 Global Phishing Email Subject Lines for Q2 2018.
The messages in the report are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments, said researchers at KnowBe4.
That is not to say phishing is a slam dunk. Attackers are getting more sophisticated, just as users are in defending against potential assaults.
One of the tricks attackers use is preying on users’ commitment to security, by employing subject lines that deal with passwords or security alerts.
“Hackers are smart and know how to leverage multiple psychological triggers to get the attention of an innocent victim,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “In today’s world, it’s imperative that businesses continually educate their employees about the tactics that hackers are using so they can be savvy and not take an email at face value. Hackers will continue to become more sophisticated with the tactics they use and advance their utilization of social engineering in order to get what they want.”
KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests to uncover just what makes a user want to click. They also examined “in-the-wild” email subject lines that show actual emails users received and reported to their IT departments as suspicious.
The top 10 most-clicked general email subject lines for Q2 are:
1. Password Check Required Immediately – 15 percent
2. Security Alert – 12 percent
3. Change of Password Required Immediately – 11 percent
4. A Delivery Attempt was made – 10 percent
5. Urgent press release to all employees – 10 percent
6. De-activation of [[email]] in Process – 10 percent
7. Revised Vacation & Sick Time Policy – 9 percent
8. UPS Label Delivery, 1ZBE312TNY00015011 – 9 percent
9. Staff Review 2017 – 7 percent
10. Company Policies-Updates to our Fraternization Policy – 7 percent
Email subject lines are a combination of simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
The most common in-the-wild email subject lines for Q2 include:
• Microsoft: Re: Important Email Backup Failed
• Microsoft/Office 365: Re: Clutter Highlight
• Wells Fargo: Your Wells Fargo contact information has been updated
• Chase: Fraudulent Activity On Your Checking Account – Act Now
• Office 365: Change Your Password Immediately
• Amazon: We tried to deliver your package today
• Amazon: Refund – Valid Billing Information Needed
• IT: Ransomware Scan
• Docusign: Your Docusign account is suspended
• You have a secure message.
In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.