Security and Giveaway Phishing Emails Most Likely to Lure Users

KnowBe4 has issued its Q4:2019 top-clicked phishing report, analyzing the results of tens of thousands of email subject lines from simulated phishing tests. Unsurprisingly, security-related and giveaway phishing emails garnered the most clicks.

The top phishing lure, the one recipients were most likely to bite on, was a simulated phishing test carrying an urgent message to check a password immediately; it “lured” 39% of recipients.

Rounding out the top 10 most clicked-on email subject lines were:

  • Microsoft/Office 365: De-activation of Email in Process (14%),
  • Password Check Required Immediately (13%),
  • HR: Employees Raises (8%),
  • Dropbox: Document Shared With You (8%),
  • IT: Scheduled Server Maintenance – No Internet Access (7%), and
  • with 6% each: Office 365: Change Your Password Immediately, Avertissement des RH au sujet de l’usage des ordinateurs personnels, Airbnb: New device login, and Slack: Password Reset for Account.

Phishing is understood to be among the top enablers of ransomware infections and other attack vectors. In addition to the findings of simulated phishing tests, KnowBe4 also reported on the “in the wild” email subject lines that proved most likely to trick users. The top 10 “in the wild” clicked-on subjects were:

  • SharePoint: Approaching SharePoint Site Storage Limit
  • Microsoft: Anderson Hauck has shared a Whiteboard with you
  • Office 365: Medium-severity alert: Unusual volume of file deletion
  • FedEx: Correct address needed for your package delivery on [[current_date_0]]
  • USPS: Your digital receipt is ready
  • Twitter: Your Twitter account has been locked
  • Google: Please Complete the Required Steps
  • Cash App: Your Account Has Been Closed
  • Coinbase: Important Please Resolve Error Now
  • Would you mind taking a look at this invoice?

An organization’s growing security awareness can actually work against users, KnowBe4 CEO Stu Sjouwerman notes. “With more end users becoming security-minded, it’s easy to see how they fall for phishing scams related to changing or checking their passwords.”

On the social media front, LinkedIn messages continue to dominate the top social media email subjects, with several variations of messages such as “you appeared in new searches” or “add me.” Other alerts containing security-related warnings arrive unexpectedly and can cause feelings of alarm. Messages saying that a friend tagged you in a photo or mentioned you can also entice clicks.

Sjouwerman warns that users should be especially cautious if an email seems too good to be true, such as a giveaway. “As identifying phishing attacks from legitimate emails becomes trickier, it’s more important than ever for end-users to look for the red flags and think before they click.”

by Peter Kelley

Q4 2019 Phishing Report Infographic