Top 10 Phishing Email Subjects: Q3 2022

Each quarter, KnowBe4, the world’s largest security awareness training and simulated phishing platform, publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects are grouped into two categories: those related to social media, general subjects, and 'In the Wild'.

The first category contains email subjects created by KnowBe4 to test their clients’ security posture. ‘In the Wild’ attacks refer to those email subjects that were real phishing emails and not KnowBe4 templates. Vectors are the methods used in the phishing attack.

Top Clicked Email Subjects

Top 5 Most-Clicked General Email Subjects Globally in Q3 2022:

  1. HR: Vacation Policy Update

  2. HR: Important: Dress Code Changes

  3. Password Check Required Immediately

  4. HR: Your performance evaluation is due

  5. Weekly Performance Report

Most Common 'In the Wild' Emails in Q3 2022:

  1. Equipment and Software Update

  2. Mail Notification: You have 5 Encrypted Messages

  3. Amazon: Amazon - delayed shipping

  4. Google: Password Expiration Notice

  5. Action required: Your payment was declined

Top Attack Vectors in Q3 2022:

  1. Link - Phishing Hyperlink in the Email

  2. Spoofs Domain - Appears to Come From the User's Domain

  3. PDF Attachment - Email Contains a PDF Attachment

  4. Branded - Phishing Test Link Has User's Organizational Logo and Name

  5. Credentials Landing Page - Phishing Link Directs User to Data Entry or Login Landing Page

Key Takeaways

Most emails are related to business or mention HR in the title.

  1. Emails pretending to be from businesses were the most clicked subject category worldwide. They can come as messages supposedly from internal departments of an organization or external requests that seem urgent and entice users into taking some kind of action.

  2. Recently, there has been an increasing number of business-related scams sent from HR/IT/Managers. These scams are successful because they play on users' emotions and initial reactions before the person has time to think logically about whether or not the email is legitimate.

  3. According to phishing tests and observations, the number one vector for cyberattacks is clicking on links in email bodies. These often lead to horrendous attacks such as ransomware and business email compromise.

See KnowBe4’s original post.

Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. We pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.

