Top 10 Phishing Email Subjects: Q3 2022
Each quarter, KnowBe4 - the world’s largest security awareness training and simulated phishing platform - publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects are grouped into two categories: social media and general subjects, and 'In the Wild'.
The first category contains email subjects created by KnowBe4 to test their clients’ security posture. ‘In the Wild’ attacks refer to those email subjects that were real phishing emails and not KnowBe4 templates. Vectors are the methods used in the phishing attack.
Top Clicked Email Subjects
Top 5 Most-Clicked General Email Subjects Globally in Q3 2022:
HR: Vacation Policy Update
HR: Important: Dress Code Changes
Password Check Required Immediately
HR: Your performance evaluation is due
Weekly Performance Report
Most Common 'In the Wild' Emails in Q3 2022:
Equipment and Software Update
Mail Notification: You have 5 Encrypted Messages
Amazon: Amazon - delayed shipping
Google: Password Expiration Notice
Action required: Your payment was declined
Top Attack Vectors in Q3 2022:
Link - Phishing Hyperlink in the Email
Spoofs Domain - Appears to Come From the User's Domain
PDF Attachment - Email Contains a PDF Attachment
Branded - Phishing Test Link Has User's Organizational Logo and Name
Credentials Landing Page - Phishing Link Directs User to Data Entry or Login Landing Page
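As an added example (not KnowBe4's or Kotman's code), the sketch below triages one raw message for three of the vectors listed above: a body link, a spoofed own-domain sender, and a PDF attachment. The sample message, the `triage` function, the flag names and the extra link-text check are assumptions made for illustration, and the spoof check is a simplification of full DMARC evaluation.

```python
import email, re
from email import policy
from urllib.parse import urlparse

# Constructed sample (not a real phish); example.com is the assumed recipient org.
SAMPLE = """\
From: HR <hr@example.com>
To: alice@example.com
Subject: HR: Vacation Policy Update
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Policy: <a href="http://login.example.net/signin">https://hr.example.com/policy</a></p>
--b1
Content-Type: application/pdf; name="policy.pdf"
Content-Disposition: attachment; filename="policy.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""

ANCHOR = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

def triage(raw, org_domain):
    """Return the set of vector flags found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = set()
    # Spoofs Domain: From claims our own domain but no auth check passed.
    # Only trust an Authentication-Results header stamped by your own gateway.
    sender = msg["From"].addresses[0].domain.lower()
    auth = str(msg["Authentication-Results"] or "").lower()
    if sender == org_domain and not re.search(r"\b(spf|dkim|dmarc)=pass\b", auth):
        flags.add("spoofs-domain")
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "application/pdf":          # PDF Attachment
            flags.add("pdf-attachment")
        elif ctype == "text/html":              # Link in the email body
            for href, text in ANCHOR.findall(part.get_content()):
                flags.add("link")
                shown = urlparse(text.strip()).hostname
                if shown and shown != urlparse(href).hostname:
                    flags.add("link-text-mismatch")  # visible URL hides real host
    return flags
```

The Branded and Credentials Landing Page vectors depend on what the linked page shows, so they cannot be decided from the message alone.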
Key Takeaways
Most emails are related to business or mention HR in the title.
Emails pretending to be from businesses were the most clicked subject category worldwide. They can come as messages supposedly from internal departments of an organization or external requests that seem urgent and entice users into taking some kind of action.
Recently, there has been an increasing number of business-related scams that appear to come from HR, IT, or managers. These scams are successful because they play on users' emotions and initial reactions before the person has time to think logically about whether or not the email is legitimate.
According to phishing tests and observations, the number one vector for cyberattacks is clicking on links in email bodies. These often lead to horrendous attacks such as ransomware and business email compromise.
See KnowBe4’s original post.
Kotman Technology has been delivering comprehensive technology solutions to clients in California and Michigan for nearly two decades. We pride ourselves on being the last technology partner you'll ever need. Contact us today to experience the Kotman Difference.