Malicious Hackers Target the Safety-Minded, Curious in Phishing Schemes


Hackers are exploiting users’ commitment to security with fake password-check requests, and their curiosity with notices of a new voicemail or an order on its way.

That’s according to KnowBe4’s “Top 10 Global Phishing Email Subject Lines for Q3 2018.” The messages, compiled from analyzing KnowBe4 user data, are based on simulated phishing tests users received or real-world emails sent to users who then reported them to their IT departments.

KnowBe4's Erich Kron

Erich Kron, KnowBe4’s security awareness advocate, tells Channel Partners that credential phishing is on the rise and that many of these attacks focus on getting users to give up their usernames and passwords.

“Once an attacker has access to the victim’s email account, they can reset other account passwords as well as using these legitimate accounts to attack others,” he said. “In organizations, this often leads to fake invoices being sent or to a redirection of payments to the attackers’ accounts.”

One of the most surprising findings was the increase in password-change requests, Kron said.

“This is substantially higher than last quarter and a definite change in trend,” he said. “When there are a series of high-profile data breaches or scams like the recent ‘sextortion’ email going around that uses an exposed password in the subject line, people get nervous, and in this state of alarm, they are more likely to make mistakes. The addition of a cryptocurrency-related email is also a bit surprising; however, given the growth of cryptocurrency popularity and value, partners can expect to see more like this in the future.”

The Top 10 most-clicked general email subject lines globally for the third quarter include:

  • Password Check Required Immediately, 34 percent
  • You Have a New Voicemail, 13 percent
  • Your order is on the way, 11 percent
  • Change of Password Required Immediately, 9 percent
  • De-activation of [[email]] in Process, 8 percent
  • UPS Label Delivery 1ZBE312TNY00015011, 6 percent
  • Revised Vacation & Sick Time Policy, 6 percent
  • You’ve received a Document for Signature, 5 percent
  • Spam Notification: 1 New Messages, 4 percent
  • [ACTION REQUIRED] – Potential Acceptable Use Violation, 4 percent

When investigating “in the wild” email subject lines, KnowBe4 found the most common for the third quarter included:

  • You have a new encrypted message
  • IT: Syncing Error – Returned incoming messages
  • HR: Contact information
  • FedEx: Sorry we missed you.
  • Microsoft: Multiple log in attempts
  • Wells Fargo: Irregular Activities Detected on Your Credit Card
  • LinkedIn: Your account is at risk!
  • Microsoft/Office 365: [Reminder]: your secured message
  • Coinbase: Your cryptocurrency wallet: Two-factor settings changed

“The channel can use the heightened phishing risk to a) engage customers and accounts to prepare for a heavier onslaught on credential phishing, just in time for the holidays and b) train and phish users now to mitigate risk,” Kron said. “Organization employees tend to get stressed and overlook red flags, so the more they are aware of suspicious behavior, the better off the organization is.”

Eighty-seven percent of global executives view untrained staff as …
