Here Are the Phishing Emails People Fall for the Most

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q3 2019 top-clicked phishing report.

The results found that simulated phishing tests with an urgent message to check a password immediately were most effective, with 43% of users falling for it. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular at 48%, followed by Facebook at 37%.

“As cybersecurity threats persist, more and more end users are becoming security minded,” said Stu Sjouwerman, CEO, KnowBe4. “They have a vested interest in protecting their online lives, so a message that sounds urgent related to their password can entice someone to click. The bad guys are always looking for clever ways to trick end users, so they need to remain vigilant.”

Rounding out its quarterly reviews, in Q3 2019, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for Q3 2019 include:

  • Password Check Required Immediately
  • A Delivery Attempt was made
  • De-activation of [[email]] in Process
  • New food trucks coming to [[company_name]]
  • Updated Employee Benefits
  • Revised Vacation & Sick Time Policy
  • You Have A New Voicemail
  • New Organizational Changes
  • Change of Password Required Immediately
  • Staff Review 2018

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q3 2019 included:

  • Skype: New Unread Voicemail Message
  • Transaction Refund
  • [[NAME]] shared a document with you
  • Microsoft Teams: Please authenticate your account
  • Bonus payments for selected employees
  • Cisco Webex: Your account is blocked
  • Amazon: Billing Address Mismatch
  • USPS: High Priority Package: Track it now!
  • Verizon: Security Update
  • Adobe Cloud: Shared a file with you on Adobe Cloud

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

Read more at KnowBe4

(Visited 6 times, 1 visits today)

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Leave a Reply

Latest from Cybersecurity

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

SIGN UP NOW for FREE News & Analysis on topics of your choice across homeland security!

BEYOND POLITICS.  IT'S ABOUT THE MISSION. 

Go to Top
Malcare WordPress Security