Top-Clicked Phishing Email Subjects: Q1 2020
Each quarter, KnowBe4 - the world’s largest security awareness training and simulated phishing platform - publishes the top-clicked phishing emails by subject lines. The results come from their millions of users reporting real phishing emails. The subjects are categorized into three different categories: those related to social media, general subjects, and 'In the Wild'.
The first two categories contain email subjects created by KnowBe4 to test their clients’ security posture. ‘In the Wild’ attacks refer to those email subjects that were real phishing emails and not KnowBe4 templates.
Top Clicked Email Subjects
Social Media Related Subjects:
LinkedIn: Profile Views, Add me to your network, Security Update
Your friend tagged you in photos on Facebook
Login alert for Chrome on Motorola Moto X
Your password was successfully reset
Someone may have accessed your account
Someone has sent you a Direct Message on Twitter!
New voice message at 1:23AM
General Email Subjects:
Password Check Required Immediately
CDC Health Alert Network: Coronavirus Outbreak Cases
PTO Policy Changes
Scheduled Server Maintenance -- No Internet Access
Test of the [[company_name]] Emergency Notification System
Revised Vacation & Sick Time Policy
De-activation of [[email]] in Process
Please Read Important from Human Resources
Someone special sent you a Valentine's Day ecard!
You have been added to a team in Microsoft Teams
Most Common 'In the Wild' Attacks in this period:
List of Rescheduled Meetings Due to COVID-19
SharePoint: Coronavirus (COVID-19) Tax Cut Document
Confidential Information on COVID-19
IT: Work from home - VPN connection
Comcast: Notification from Carl Vargas
Microsoft: Your meeting will begin soon
HR: New Employee Stock Purchase Plan
Vodafone: Caller Alert: Msg Received Today
Amazon Chime: Vonage invites you to join vonage_303136
Parking Authority: Parking Ticket: Pay Charge
Key Takeaways
Coronavirus-related phishing email attacks are up 600%. The second most popular message of the entire quarter was a fake CDC alert about Coronavirus cases. Cybercriminals are preying on heightened stress, distraction, urgency, curiosity, and fear to get people to react before thinking logically about whether or not an email is legit.
LinkedIn messages dominate the top social media email subjects. Other emails containing security-related warnings create a sense of urgency that convinces people to click their links.
Security and HR-related messages that could potentially affect an employees daily work continue to be effective. Especially during this time with so much uncertainty surrounding work.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.