Don’t Fall for These Top 10 Phishing Email Subject Lines


Scared Businessman at Computer

Cybercriminals are stepping up their game in trying to steal information via phishing emails, according to KnowBe4’s “Top 10 Global Phishing Email Subject Lines for Q1 2018.”

The results are compiled from analyzing data of KnowBe4 users. Phishing is the attempt to obtain sensitive information such as usernames, passwords and credit card details, often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.

The results show that, when delivered a simulated phishing test, users still continue to open messages with a mix of subject lines related to personal and company notifications.

“Hackers will do what works,” said Perry Carpenter, KnowBe4’s chief evangelist and strategy officer. “And what works is manipulating a human’s psyche to make them feel curious, important or even scared.”

In addition, Vade Secure has discovered a new phishing attack that represents more than 550 million emails sent since the first quarter. Countries with high concentrations of impacted email users include the United States, the United Kingdom, France, Germany and the Netherlands.

KnowBe4 also found an alarming trend with “in-the-wild” emails. These messages are based on actual messages users received and reported to their IT departments, and the top three subject lines relate to security concerns on school campuses.

“Cybercriminals expect that users will always be eager to correct a wrong address or to ensure that their bank accounts aren’t being breached,” Carpenter said. “What’s not expected is a user population that has been properly trained to identify suspicious emails, no matter how well-disguised or emotionally charged they are.”

Scroll through our gallery below to see the top 10 global phishing email subject lines, according to percentage clicked, and the most common “in-the-wild” subject lines.

One Policy to Rule Them All: Why Unified Endpoint Management Is Your Next Mobility Win
1. 'A Delivery Attempt Was Made' — 21 percent

Just last month, the U.S. State Department warned its staff against a “tidal wave” of malicious email meant to trick users into opening them. Last month, more than 2,000 employees received emails, texts and social-media messages aimed at fooling them into either downloading malware or handing over their login information, according to Politico.
VSG Fiber Lit Buildings April 2018
2. 'Change of Password Required Immediately' — 20 percent

Verizon’s 2018 Data Breach Investigations Report, also issued last month, notes that phishing emails account for 98 percent of all social engineering-related incidents and breaches. The bait is most often a malicious attachment, but can also be a link to a page that will request credentials or drop malware, according to the carrier.
OK sign
3. 'W-2' — 13 percent

"We are always looking at the differences (in phishing email subject lines) from quarter to quarter and year over year," Carpenter said. "What stood out this quarter was W-2 fraud and "urgent press release to all staff." These are two email subject lines that haven’t shown up in previous lists."
Channel Influencer Awards Hardware
4. 'Company Policy Update for Fraternization' — 10 percent

KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests to uncover just what makes a user want to click. The email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
Office Depot at CP Expo 2018
5. 'UPS Label Delivery 1ZBE3112TNY00015011' — 10 percent

"We are seeing technical controls continuing to improve at thwarting automated attacks, so hackers are upping their sophistication at bypassing technical controls through the use of social engineering," Carpenter said. "We are also seeing that phishing bots and intelligent scraping of social media and the dark web are making automated spear phishing a very real, very hard-to-identify problem."
Megaphone Business
6. 'Revised Vacation and Time Policy' — 8 percent

The barrage of phishing emails presents a clear opportunity for the channel to educate end users on what to look out for when a potentially suspicious email comes through, Carpenter said. Partners can conduct new-school security awareness training, including simulated phishing exercises, he said.

"Putting your end users through real-life scenarios consisting of what a phishing email might look like is very helpful in thwarting these types of cyberattacks," he said.
Sprint at CP Expo 2018
7. 'Staff Review 2017' — 7 percent

According to Verizon, the motives for phishing are split between financial and espionage. Phishing is often used as the lead action of an attack and is followed by malware installation and other actions that ultimately lead to exfiltration of data.
Business Celebration
8. 'Urgent Press Release to All Staff' — 5 percent

"People are the last line of defense and it continues to be more and more important that organizations take this position seriously by, first and foremost, ensuring their users are properly trained," Carpenter said. "The channel can play a role by adding this critical layer of security into their offerings and work to educate their customers."
Picket sign for strike
9. 'Deactivation of (email) in Process' — 4 percent

If people receive an email, they should either delete it or forward it to their IT team and say they think it could be a phishing email, according to KnowBe4. The IT team then can take the necessary next steps. Some organizations may even offer a free tool so users can automatically forward an email that they think is suspicious.
10. 'Please Read: Important from HR' — 2 percent

The emails are often alarming and ask people to react and bypass their normal thought process, or what is often referred to as an OODA Loop (observe, orient, decide and act). In other cases, emails might make a user feel important, or cause them to think they are missing something.
Allure Security's John Sullivan
When investigating "in-the- wild" email subject lines, KnowBe4 found the more common included:

  • IT DESK: Security Alert Reported on Campus
  • IT DESK: Campus Emergency Scare
  • IT DESK: Security Concern on Campus Earlier
  • Amazon: Billing Address Mismatch
  • Password Review
  • Urgent Security Event: Your account details were found online
  • Wells Fargo: New device detected
  • Microsoft: Updates to our terms of use
  • GasBuddy: Major car recall announced today
  • CNN: Facebook-Cambridge Analytica Apology Tour

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 100256