Bridgeway Insights

The top 10 most-clicked phishing subject lines

The top 10 most-clicked phishing subject lines

Posted by Lisa Higgins 23 April 2019

As most security breaches come as a result of social engineering, organisations are now looking to educate their staff on the the increasing threat of cyber attacks. These breaches arrive in the form of phishing, where bad actors send emails with deceptive content to attract and engage users, leading to unknowing downloads of malware or visibility into bank accounts or personal details.


phishing credit card


KnowBe4, a simulated phishing platform provider, has compiled a report on the top 10 most-clicked phishing subject lines.

The study examined tens of thousands of email subject lines from simulated phishing tests and examined real-world subject lines that show actual emails users received and reported to their IT departments as suspicious.

phishing image


The list below shows the top 10 most-clicked phishing subject lines, by percentage of recipients who clicked on the links:

Password check, or change of password, required immediately 19%

Your order with Amazon, or Amazon order receipt 16%

Announcement: Change in holiday schedule 11%

Happy Holidays! Have a drink on us 10%

Problem with bank account 8%

De-activation of [recipient's email] in progress 8%

Wire department 8%

Revised vacation and sick time policy 7%

Last reminder: Please respond immediately 6%

UPS label delivery 1ZBE312TNY00015011 6%

Analysing the study, the fact that ‘password’ subject lines clicked four out of four quarters shows that users are concerned about security. Similarly, users clicked on messages about company policies and deliveries each quarter, showing a general curiosity about issues that matter to them. In this way it is important to empower your staff to be resilient and on guard at all time for phishing. Every staff member is a potential target for bad actors, no matter what department they are in. After all, it only takes one click to get in the door.

To help your staff think before they click, enquire about our Cyber Security Awareness Training today.

cyber security training offer