Protect Yourself: Top 10 Most Common Phishing Email Subject Lines

KnowBe4, the provider of one of the world’s largest security awareness training and simulated phishing platforms, has announced the results of its Q3 top-clicked phishing report.

“Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage,” said Stu Sjouwerman, CEO, KnowBe4.

“We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns. By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end-users need to remain vigilant and remember to stop and think before they click.”

Here are the top 10 Email Categories Globally:

  1. Business
  2. Online Services
  3. Human Resources
  4. IT
  5. Banking and Finance
  6. Coronavirus/COVID-19 Phishing
  7. Mail Notifications
  8. Phishing for Sensitive Information
  9. Social Networking
  10. Brand Knockoffs

Top phishing email subjects were also broken out, comparing those in the U.S. to those in Europe, the Middle East, and Africa (EMEA).

In Q3 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. In the U.S., most of the email subjects appear to originate from the users’ organization. However, in EMEA, the top subjects are related to users’ everyday tasks.

The organization also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious.

The results are below.

Top Phishing Email Subjects in the US:

Vacation Policy Update
Password Check Required Immediately
Important: Dress Code Changes
Acknowledge Your Appraisal
Remote Working Satisfaction Survey

Top Phishing Email Subjects in Europe, Middle-East, and Africa:

Your Document is Complete – Save Copy
Stefani has endorsed you!
You have requested a reset to your LinkedIn password
Windows 10 Upgrade Error
Internet Capacity Warning

Common “In-the-Wild” attacks:

IT: Odd emails from your account
IT: Upcoming Changes
HR: Remote Working Satisfaction Survey
Facebook: Your Facebook access has been temporarily disabled for identity check
Twitter: Potential Twitter Account Compromise

By Luis Monzon
