Top-Clicked Phishing Email Subjects: Q2 2021

Each quarter, KnowBe4 - the world’s largest security awareness training and simulated phishing platform - publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects are grouped into categories: those related to social media, general subjects, and 'In the Wild'.

The first category contains email subjects created by KnowBe4 to test their clients’ security posture. ‘In the Wild’ attacks refer to those email subjects that were real phishing emails and not KnowBe4 templates.

Top Clicked Email Subjects

Top 10 Most-Clicked General Email Subjects in Q2 2021:

  1. Password Check Required Immediately

  2. Vacation Policy Update

  3. Important: Dress Code Changes

  4. ACH Payment Receipt

  5. Test of the [[company_name]] Emergency Notification System

  6. Scheduled Server Maintenance -- No Internet Access

  7. COVID-19 Remote Work Policy Update

  8. Scanned image from MX2310U@[[domain]]

  9. Security Alert

  10. Failed Delivery

Most Common 'In the Wild' Attacks in Q2 2021:

  1. Zoom: Important issue

  2. IT: Information Security Policy Review

  3. Mastercard: Confirmation: Your One-Time Password

  4. Facebook: Your account has been temporarily locked

  5. Google: Take action to secure your compromised passwords

  6. Microsoft: Help us protect you - Turn on 2-step verification to protect your account

  7. Docusign: Lucile Green requests you to sign Mandatory Security Training documents

  8. Internship Program

  9. IT: Remote working missing updates

  10. HR: Electric Implementation of new HRIS

Key Takeaways

  1. There has been a significant rise in phishing email attacks related to HR topics, especially those regarding new policies that would affect all employees across many types of organizations. Real phishing emails reported to IT departments that play on security-minded users' concerns about password checks continue to remain popular.

  2. Phishing email attacks leveraging COVID-19 were on every quarterly report in 2020, but those subjects have dropped dramatically in 2021. End users have become more savvy about scams related to that topic.

  3. LinkedIn phishing messages have dominated the social media category for the last three years. Users may perceive these emails as legitimate since LinkedIn is a professional network. This could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses.

See KnowBe4’s original post.


Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. With a customer retention of over 98%, we pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.
