Hackers are playing into users’ commitment to security with password checks, as well as their curiosity with a new voicemail or order on its way.
That’s according to KnowBe4’s “Top 10 Global Phishing Email Subject Lines for Q3 2018.” The messages, compiled from analyzing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments.
Erich Kron, KnowBe4’s security awareness advocate, tells Channel Partners that credential phishing is on the rise and many of these attacks focus on getting users to give up those usernames and passwords.
“Once an attacker has access to the victim’s email account, they can reset other account passwords as well as using these legitimate accounts to attack others,” he said. “In organizations, this often leads to fake invoices being sent or to a redirection of payments to the attackers’ accounts.”
One of the most surprising findings was the increase in password-change requests, Kron said.
“This is substantially higher than last quarter and a definite change in trend,” he said. “When there are a series of high-profile data breaches or scams like the recent ‘sextortion’ email going around that uses an exposed password in the subject line, people get nervous, and in this state of alarm, they are more likely to make mistakes. The addition of a cryptocurrency-related email is also a bit surprising; however, given the growth of cryptocurrency popularity and value, partners can expect to see more like this in the future.”
The Top 10 most-clicked general email subject lines globally for the third quarter include:
When investigating “in the wild” email subject lines, KnowBe4 found the most common for the third quarter included:
“The channel can use the heightened phishing risk to a) engage customers and accounts to prepare for a heavier onslaught on credential phishing, just in time for the holidays and b) train and phish users now to mitigate risk,” Kron said. “Organization employees tend to get stressed and overlook red flags, so the more they are aware of suspicious behavior, the better off the organization is.”