Tue | Jul 20, 2021 | 11:22 AM PDT

Earlier this year, the Anti-Phishing Working Group (APWG) reported that phishing attacks had reached an all-time high.

Now, we know a little more about which specific types of phishing attacks end users are falling for.

This week, KnowBe4 released a report detailing the top-clicked phishing email subjects, which it breaks down into three categories: social media-related subjects, general subjects, and "in the wild" attacks.

Top 10 phishing email subjects

As the world begins to pivot away from remote work and back into the office, malicious cyber actors are also pivoting their phishing strategies.

Stu Sjouwerman, CEO of KnowBe4, discusses this below:

"With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks.

These days, it is especially important for all end users to take a moment to double check a link or attachment and to question whether the email is expected or unexpected."

In its report, the company says it reviewed tens of thousands of email subject lines from simulated phishing tests in Q2 2021. It found that 30% of the most clickable content had to do with the shifting landscape we are experiencing; this includes a shift in dress codes, remote work policies, and vacation time.

Here are the top 10 most clicked general email subject lines.

  1. Password Check Required Immediately
  2. Vacation Policy Update
  3. Important: Dress Code Changes
  4. ACH Payment Receipt
  5. Test of the [company_name] Emergency Notification System
  6. Scheduled Server Maintenance — No Internet Access
  7. COVID-19 Remote Work Policy Update
  8. Scanned image from MX2310U@[domain]
  9. Security Alert
  10. Failed Delivery

For more phishing information, you can read KnowBe4's quarterly report on phishing attacks.
