Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

Cross posted from our blog! Go to blog page link at bottom of this post to download the Infographic PDF.

KnowBe4’s latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, and ‘in the wild’ attacks .

Coronavirus-Related Phishing Subjects Are Still Prevalent

Phishing email attacks leveraging COVID-19 have been on every quarterly report this year, and they still made up 50% of the total in Q3 2020.

“During this pandemic, we’ve seen malicious hackers preying on users’ biggest weak points by sending messages that instill fear, uncertainty and doubt,” said Stu Sjouwerman, CEO, KnowBe4. “Our Q3 report confirms that coronavirus-related subject lines have remained their most promising attack type, as pandemic conditions weaken judgment, and lead to potentially detrimental clicks.”

Don’t Dismiss Social Media as a Phishing Concern

We have seen a pattern of fake LinkedIn messages topping this list since we began running these reports in 2017. There is likely a perception that these emails are legitimate because they appear to be coming from a professional network. It’s a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category reveal password resets, tagging of photos and new messages. For the first time we see messages purporting to be from WhatsApp.

In Q3 2020, we examined tens of thousands of email subject lines from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for the past quarter Include:

  1. Payroll Deduction Form
  2. Please review the leave law requirements
  3. Password Check Required Immediatelyi
  4. Required to read or complete: “COVID-19 Safety Policy”
  5. COVID-19 Remote Work Policy Update
  6. Vacation Policy Update
  7. Scheduled Server Maintenance – No Internet Access
  8. Your team shared “COVID 19 Amendment and Emergency leave pay policy” with you via OneDrive
  9. Official Quarantine Notice
  10. COVID-19: Return To Work Guidelines and Requirements

Most Common‘In-The-Wild’ Emails in Q3 2020 Included:

  • Microsoft: View your Microsoft 365 Business Basic invoice
  • HR: Pandemic Policy Update
  • IT: Remote Access Infrastructure
  • Facebook: Account Warning
  • Check your passport expiration date
  • TeleMed Appointment Reminder
  • Twitter: Confirm your identity
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12
  • Exchange ActiveSync service disabled for [[email]]
  • HR: Benefit Report

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.
See the Infographic with Top Messages in Each Category for Last Quarter:

Featured Webinars

Advanced Phishing and

Monday 1:30 PM – 2:30 PM
» Learn More
Outlook Phish Alert Button
Tuesday 1:30 PM – 2:30 PM
» Learn More
Customizing Phishing Templates, Landing Pages, & Training Notifications
Wednesday 1:30 PM – 2:30 PM
» Learn More
Active Directory Integration
(ADI) Setup

Thursday 1:30 PM – 2:30 PM
» Learn More

Friday 1:30 PM – 2:30 PM
» Learn More

Privacy Policy | Terms of Service