KnowBe4 Releases Q1 2018 Top-Clicked Phishing Report


(Howard) #1

TAMPA BAY, FLA. (PRWEB) APRIL 30, 2018

KnowBe4, the world’s largest security awareness training and simulated phishing platform, today shared its Top 10 Global Phishing Email Subject Lines for Q1 2018. The results are compiled from analyzing data of KnowBe4 users. While the results show that users, when delivered a simulated phishing test, still continue to open messages with a mix of subject lines related to personal and company notifications, KnowBe4 found an alarming trend with ‘in-the-wild’ emails. These messages, which based on actual messages they received and reported to their IT departments, show the top three subject lines relate to security concerns on school campuses.

This comes at a time when phishing emails continue to plague organizations. Just this month the U.S. State Department warned its staff against a “tidal wave” of malicious email meant to trick users into opening them. Verizon’s 2018 Data Breach Investigations Report, also issued this month, notes that phishing emails account for 98% of all social engineering related incidents and breaches. And while hackers have always used topical news stories to color their phish attempts, the rise in ‘in-the-wild’ emails related to campus security incidents the emotional depths to which these bad actors will go to breach an organization.

“Hackers do what works – and what works is manipulating a human’s psyche to make them feel curious, important or, sadly, scared. As technical controls continue to improve at thwarting automated attacks, hackers are upping their sophistication at bypassing technical controls through the use of social engineering,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4.

KnowBe4 understands that humans the attack surface of choice for cybercriminals. The company examined tens of thousands of email subject lines from simulated phishing tests to uncover just what makes a user want to click. They also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT department as suspicious.

The Top 10 Most-Clicked General Email Subject Lines Globally for Q1 2018 include:

1. A Delivery Attempt Was Made – 21%
2. Change of Password Required Immediately – 20%
3. W-2 – 13%
4. Company Policy Update for Fraternization– 10%
5. UPS Label Delivery 1ZBE3112TNY00015011 – 10%
6. Revised Vacation and Time Policy – 8%
7. Staff Review 2017 – 7%
8. Urgent Press Release to All Staff – 5%
9. Deactivation of (email) in Process – 4%
10. Please Read: Important from HR – 2%

*Capitalization and spelling are as they were in the phishing test subject line
*Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the more common included:

IT DESK: Security Alert Reported on Campus
IT DESK: Campus Emergency Scare
IT DESK: Security Concern on Campus Earlier
Amazon: Billing Address Mismatch
Password Review
Urgent Security Event: Your account details were found online
Wells Fargo: New device detected
Microsoft: Updates to our terms of use
GasBuddy: Major car recall announced today
CNN: Facebook-Cambridge Analytica Apology Tour

*Capitalization and spelling are as they were in the phishing test subject line
*In-the-wild email subject lines represent actual emails users received and reported to their IT department as suspicious. They are not simulated phishing test emails.

Carpenter continued, “Again, as the addition of Facebook-Cambridge Analytica shows, we see news stories influencing the social engineering emails that hackers send. Cybercriminals expect that users will always be eager to correct a wrong address or to ensure that their bank accounts aren’t being breached. What’s not expected is a user population that has been properly trained to identify suspicious emails, no matter how well-disguised or emotionally charged they are. People are the last line of defense and it continues to be more and more important that organizations take this position seriously by, first and foremost, ensuring their users are properly trained.”

Businesses that are not already working with KnowBe4 to train their workforce into an effective last line of defense can utilize a number of free tools at http://www.knowbe4.com to test their users and their network.
http://www.prweb.com/releases/2018/04/prweb15450231.htm
Takeaways infographics in PDF: http://ww1.prweb.com/prfiles/2018/04/27/15450231/Q12018%20.pdf


(Howard) #2