KnowBe4 Releases Q3 2018 Top-Clicked Phishing Report
October 2018 by KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today shared its Top 10 Global Phishing Email Subject Lines for Q3 2018. The messages in the report, which were compiled from analyzing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments. The top three messages for Q3 2018 show that hackers are playing into users’ commitment to security, with password checks, as well as their curiosity, with a new voicemail or order on its way.
Eighty-seven percent of global executives view untrained staff as the greatest cyber risk to their business, according to a recent report by Willis Towers Watson and ESI ThoughtLab. Compounding this finding is the fact that staff training ranks among the categories that have made the least progress when measured against the National Institute of Standards and Technology (NIST) cybersecurity framework. The research also found that the most common types of attacks include malware/spyware (81 percent) and phishing (64 percent).
“Hackers are leveraging an individual’s desire to remain security minded or well informed by playing into his/her psyche,” said Perry Carpenter, chief evangelist and strategy officer, KnowBe4. “They do this by making someone believe they are at risk or that something needs immediate attention. These types of attacks are effective because they cause a person to simply react before thinking logically about the legitimacy of the email. Managing the ongoing problem of social engineering is becoming more and more difficult as hackers play into human emotions by causing feelings of alarm or curiosity.”
In the third quarter of 2018, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests to uncover just what makes a user want to click. The Company also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.
The Top 10 Most-Clicked General Email Subject Lines Globally for Q3 2018 include:
• Password Check Required Immediately 34%
• You Have a New Voicemail 13%
• Your order is on the way 11%
• Change of Password Required Immediately 9%
• De-activation of  in Process 8%
• UPS Label Delivery 1ZBE312TNY00015011 6%
• Revised Vacation & Sick Time Policy 6%
• You’ve received a Document for Signature 5%
• Spam Notification: 1 New Messages 4%
• [ACTION REQUIRED] - Potential Acceptable Use Violation 4%
*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common for Q3 2018 included:
• You have a new encrypted message
• IT: Syncing Error – Returned incoming messages
• HR: Contact information
• FedEx: Sorry we missed you.
• Microsoft: Multiple log in attempts
• IT: IMPORTANT – NEW SERVER BACKUP
• Wells Fargo: Irregular Activities Detected on Your Credit Card
• LinkedIn: Your account is at risk!
• Microsoft/Office 365: [Reminder]: your secured message
• Coinbase: Your cryptocurrency wallet: Two-factor settings changed
*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.
Businesses need to train their users to be their last line of defense.