Each quarter, KnowBe4 reports on the top-clicked phishing emails by subject line in three categories: subjects related to social media, general subjects, and ‘In the Wild’. The ‘In the Wild’ results come from the millions of users who click our Phish Alert Button to report real phishing emails, which allows our team to analyze the results.
LinkedIn Continues To Fool Users
Last quarter, more than half of all social media-related phishing emails imitated LinkedIn messages. This trend has been increasing quarter over quarter, likely because messages that appear to come from a professional network are perceived as legitimate. It’s a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses.
Such a high percentage increases corporate risk of a phishing attack, ransomware breach or other social engineering-related threat. Social media sites in general are being used by cybercriminals as phish bait more and more each quarter. According to recent research from Vade Secure, social media phishing attacks are up by more than 70%.
“It feels good to ‘join my network’ or connect with someone in some way – that’s why social media phishing attacks are so successful,” said Stu Sjouwerman, CEO of KnowBe4. “Users innately trust their ‘verified’ contacts so are more apt to click on a link that comes from someone they know. It’s becoming harder to identify phishing attacks, but our users are smarter than the bad guys think and can absolutely be trained to identify and avoid phishing and social engineering attacks.”
Password Management and Actions Required Are Popular Ploys
Aside from social media-related messages, general subject lines related to password management were highest on the list. In-the-wild attacks – those that were actual phishing emails and not KnowBe4 testing emails – found greatest success when they asked for action from the recipient, such as being invited to share an Outlook calendar or being assigned a task in a Microsoft platform. This comes as no surprise as 80% of all brand deception phishing scams targeting execs pretend to be from Microsoft.
See the Infographic with All Top Messages in Each Category for Last Quarter: