Email subject lines focused on security-minded end users are effective, says KnowBe4 phishing report

Stu Sjouwerman of KnowBe4

KnowBe4, a provider of security awareness training and a simulated phishing platform, has revealed the results of its Q3 2019 top-clicked phishing report.

The results found that simulated phishing tests with an urgent message to check a password immediately were most effective, with 43% of users falling for it. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular at 48%, followed by Facebook at 37%.

“As cybersecurity threats persist, more and more end users are becoming security minded” said Stu Sjouwerman, CEO, KnowBe4. “They have a vested interest in protecting their online lives, so a message that sounds urgent related to their password can entice someone to click. The bad guys are always looking for clever ways to trick end users, so they need to remain vigilant.”

Rounding out its quarterly reviews, in Q3 2019, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The top 10 most clicked general email subject lines globally for Q3 2019 include:

  • Password check required immediately
  • A delivery attempt was made
  • De-activation of [[email]] in process
  • New food trucks coming to [[company_name]]
  • Updated employee benefits
  • Revised vacation & sick time policy
  • You have a new voicemail
  • New organisational changes
  • Change of password required immediately
  • Staff review 2018

*Capitalisation and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q3 2019 included:

  • Skype: New unread voicemail message
  • Transaction refund
  • [[NAME]] shared a document with you
  • Microsoft Teams: Please authenticate your account
  • Bonus payments for selected employees
  • Cisco Webex: Your account is blocked
  • Amazon: Billing sddress mismatch
  • USPS: High Priority Package: Track it now!
  • Verizon: Security Update
  • Adobe Cloud: Shared a file with you on Adobe Cloud

*Capitalisation and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

Comment on this article below or via Twitter: @VanillaPlus OR @jcvplus

RECENT ARTICLES

IOT Solutions World Congress 2024 connects semiconductor chips to industry

Posted on: March 27, 2024

Essential to manufacture computers, smartphones, cars, refrigerators or any electronic device, semiconductors are critical elements in the implementation of the Internet of Things. For this reason, IOT Solutions World Congress

Read more

Telecoms to boost revenue with enterprise IoT monetisation

Posted on: March 27, 2024

A new study from Juniper Research has predicted operators will find revenue growth through the monetisation of enterprise markets, such as cellular IoT, to capitalise on the USD $900 billion global

Read more