KnowBe4’s latest quarterly report on top-clicked phishing email subjects is here. We are now looking at the top categories globally, general subjects (in the United States and Europe, Middle East and Africa), and ‘in the wild’ attacks.
Business phishing emails are the most clicked subject category around the world. These range from messages purporting to be from internal organizational departments, to external requests for information that convey a sense of urgency and entice users to take an action. Online Services includes messages that claim to be from well-known companies and often fool users. HR-related messages that could potentially affect daily work are always a popular ploy.
“Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage,” said Stu Sjouwerman, CEO, KnowBe4. “We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns. By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”
In the U.S., most of the email subjects appear to originate from inside the users’ organization. Most of these appear to be from HR, and we also see a password warning. However, in EMEA, the top subjects are related to users’ everyday tasks, and we see two subjects that look like LinkedIn notifications.