Top-Clicked Phishing Email Subjects: Q2 2020
Each quarter, KnowBe4 - the world’s largest security awareness training and simulated phishing platform - publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects fall into three categories: those related to social media, general subjects, and 'In the Wild'.
The first two categories contain email subjects created by KnowBe4 to test their clients’ security posture. ‘In the Wild’ subjects are those taken from real phishing emails, not KnowBe4 templates.
Top Clicked Email Subjects
Social Media Related Subjects:
People are looking at your LinkedIn profile
You appeared in new LinkedIn searches this week
Please add me to your LinkedIn Network
LinkedIn Password Reset
Your friend tagged you in photos on Facebook
Your friend tagged a photo of you on Facebook
Someone has sent you a Direct Message on Twitter
Login alert for Chrome on Motorola Moto X
New voice message at 1:23AM
55th Anniversary and Free Pizza
General Email Subjects:
Password Check Required Immediately
Vacation Policy Update
Branch/Corporate Reopening Schedule
COVID-19 Awareness
Coronavirus Stimulus Checks
List of Rescheduled Meetings Due to COVID-19
Confidential Information on COVID-19
COVID-19 - Now airborne, Increased community transmission
Fedex Tracking
Your meeting attendees are waiting!
Most Common 'In the Wild' Attacks in this period:
Microsoft: Abnormal log in activity on Microsoft account
Chase: Stimulus Funds
HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines
Zoom: Restriction Notice Alert
Jira: [JIRA] A task was assigned to you
HR: Vacation Policy Update
Ring: Karen has shared a Ring Video with you
Workplace: [[company_name]] invited you to use Workplace
IT: ATTENTION: Security Violation
Earn money working from home
Key Takeaways
Phishing emails that look like they are coming from LinkedIn have been at the top of the list since KnowBe4 began tracking these in 2017. There is likely a perception that these emails are legitimate because they appear to be coming from a professional network. It's a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses.
Phishing email attacks related to COVID-19 remained frequent in Q2 2020. Across the entire second quarter, simulated phishing tests with a coronavirus-related message were the most popular, with a total of 56%.
Cybercriminals are preying on heightened stress, distraction, urgency, curiosity, and fear in users brought on by the pandemic and working from home. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email.
See KnowBe4’s original post.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.