As most security breaches come as a result of social engineering, organisations are now looking to educate their staff on the increasing threat of cyber attacks. These breaches arrive in the form of phishing, where bad actors send emails with deceptive content to attract and engage users, leading to unknowing downloads of malware or visibility into bank accounts or personal details.
KnowBe4, a simulated phishing platform provider, has compiled a report on the top 10 most-clicked phishing subject lines.
The study examined tens of thousands of email subject lines from simulated phishing tests, along with real-world subject lines from actual emails that users received and reported to their IT departments as suspicious.
The list below shows the top 10 most-clicked phishing subject lines, by percentage of recipients who clicked on the links:
Password check, or change of password, required immediately 19%
Your order with Amazon, or Amazon order receipt 16%
Announcement: Change in holiday schedule 11%
Happy Holidays! Have a drink on us 10%
Problem with bank account 8%
De-activation of [recipient's email] in progress 8%
Wire department 8%
Revised vacation and sick time policy 7%
Last reminder: Please respond immediately 6%
UPS label delivery 1ZBE312TNY00015011 6%
Analysing the study, the fact that ‘password’ subject lines were clicked in four out of four quarters shows that users are concerned about security. Similarly, users clicked on messages about company policies and deliveries each quarter, showing a general curiosity about issues that matter to them. It is therefore important to empower your staff to be resilient and on guard at all times against phishing. Every staff member is a potential target for bad actors, no matter what department they are in. After all, it only takes one click to get in the door.
To help your staff think before they click, enquire about our Cyber Security Awareness Training today.