Security News > 2020 > January > These subject lines are the most clicked for phishing
Social media messages have also effectively tricked users, notably when LinkedIn is the subject-55% were successful, with Facebook following at 28%. "Not surprisingly, LinkedIn email subjects top the social media list for Q4 in a pretty big way. Q4 is a time where people are setting resolutions for the following year, and this often involves a job search. Activity related to LinkedIn tends to spike in this quarter, meaning people are more likely to view and click these emails." Research for the report was gathered through an examination of thousands of email subject lines from simulated phishing tests.
KnowBe4 also reviewed "In-the-wild" email subject lines, which added previously received email as an additional incentive to open, as well as company emails reported to IT departments as suspicious.
Change of Password Required Immediately 26%.Microsoft/Office 365: De-activation of Email in Process 14%.Password Check Required Immediately 13%.HR: Employees Raises 8%.Dropbox: Document Shared With You 8%.IT: Scheduled Server Maintenance - No Internet Access 7%.Office 365: Change Your Password Immediately 6%.Avertissement des RH au sujet de l'usage des ordinateurs personnels 6%.Airbnb: New device login 6%.Slack: Password Reset for Account 6%. The above email subject lines are a combination of both simulated phishing templates KnowBe4 created and custom tests from their customers.
The "In-the-wild" email subject lines were gathered from actual user emails, which were then reported to their company IT department.
"As identifying phishing attacks from legitimate emails becomes trickier, it's more important than ever for end-users to look for red flags, and think before they click." KnowBe4 provides security awareness training and simulated phishing forum.