Top 10 Phishing Email Subjects: Q2 2022

Each quarter, KnowBe4 - the world’s largest security awareness training and simulated phishing platform - publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects are grouped into categories: those related to social media, general subjects, and 'In the Wild'.

The first category contains email subjects created by KnowBe4 to test their clients’ security posture. ‘In the Wild’ attacks refer to those email subjects that were real phishing emails and not KnowBe4 templates. Vectors are the methods used in the phishing attack.

Top Clicked Email Subjects


Top 5 Most-Clicked General Email Subjects Globally in Q2 2022:

  1. HR: Vacation Policy Update

  2. HR: Important: Dress Code Changes

  3. Password Check Required Immediately

  4. HR: Your performance evaluation is due

  5. Weekly Performance Report

Most Common 'In the Wild' Emails in Q2 2022:

  1. HR: Your performance evaluation is due

  2. Google: You were mentioned in a document: "Strategic Plan Draft"

  3. IT: Inventory Form

  4. Microsoft 365: Microsoft 365 has new password requirements

  5. Amazon: Balance paid on your seller account

Top Attack Vectors in Q2 2022:

  1. Link - Phishing Hyperlink in the Email

  2. Spoofs Domain - Appears to Come From the User's Domain

  3. Branded - Phishing Test Link Has User's Organizational Logo and Name

  4. PDF Attachment - Email Contains a PDF Attachment

  5. Credentials Landing Page - Phishing Link Directs User to Data Entry or Login Landing Page

Key Takeaways

Most emails are related to business or mention HR in the title.

  1. This quarter there was an influx of business-related emails, which are more likely to be clicked on because employees do not want their work affected. Because the message appears work-related, employees are also less likely to be suspicious of its links, or of opening the email in the first place.

  2. HR-related messages are hard not to open, because an employee may fear repercussions for not reading or responding to something from Human Resources. This is a common tactic of cybercriminals, since we are more likely to make critical errors when fear takes over and logic goes out the door.

  3. Nearly all of these emails carried a phishing link of some sort, and many spoofed domains looked like they came from inside the company, using the business logo and graphics. Knowing what to look for, and taking the time to question an email’s authenticity, can be the difference between reporting it to the IT department and suffering a serious security breach.

See KnowBe4’s original post.


Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. We pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.
