Q3 2019 Top-clicked Phishing Emails by Subject Line

Subscribe to Our Blog

Each quarter, KnowBe4, the world's leader in security awareness, reports on the top-clicked phishing emails by subject lines in three different categories: subjects related to social media, general subjects, and 'In the Wild.' The results come from the millions of users that click on the Phish Alert Button to report real phishing emails and allow KnowBe4 to analyze the results. 

LinkedIn and Facebook are convincing ploys

Nearly half of all social media-related phishing emails imitated LinkedIn messages. This is a trend we are seeing each quarter, likely because there is a perception that these emails appear to be legitimately coming from a professional network. It's a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. 

The fall hiring season is very hot right now. With more than 20 million jobs posted, LinkedIn is the perfect way for scammers to trick users into becoming victims. We've also seen Facebook subject lines gaining traction, which isn't a huge surprise as brand impersonation of the social network is surging

Password management continues to entice clicks

Aside from social media-related messages, general subject lines related to password management were highest on the list once again. Another common theme is HR-related messages that mention benefits, organizational changes and staff review. 'In-the-wild' attacks – those that were real phishing emails and not KnowBe4 templates – found the greatest success when they asked for action from the recipient or promised something of value. 

Top-clicked subject lines for Q3

Top 10 most-clicked general email subjects in Q3 2019: 

  1. Password Check Required Immediately
  2. A Delivery Attempt was made
  3. De-activation of [[email]] in Process
  4. New food trucks coming to [[company_name]]
  5. Updated Employee Benefits
  6. Revised Vacation & Sick Time Policy
  7. You Have A New Voicemail
  8. New Organizational Changes
  9. Change of Password Required Immediately
  10. Staff Review 2018

Top-clicked social media related subjects in Q3 2019: 

  • LinkedIn: You appeared in new searches!, Add me to your network, Profile Views, Password Reset, Deactivation Request
  • Facebook: Your friend tagged you in photos, Someone mentioned you, Primary email changed'
  • Someone has sent you a Direct Message on Twitter!
  • Login alert for Chrome on Motorola Moto X

Most common 'in the wild' attacks in this period were:

  • Skype: New Unread Voicemail Message
  • Transaction Refund
  • [[NAME]] shared a document with you
  • Microsoft Teams: Please authenticate your account
  • Bonus payments for selected employees
  • Cisco Webex: Your account is blocked
  • Amazon: Billing Address Mismatch
  • USPS: High Priority Package: Track it now!
  • Verizon: Security Update
  • Adobe Cloud: Shared a file with you on Adobe Cloud

You can download the infographic here to share with your organization.

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created KnowBe4, and custom tests designed by KnowBe4 partners.

Protect your organization: start with security awareness training

Despite knowing the security risks, many companies don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

MainSpring has eliminated the guesswork by partnering with KnowBe4 to provide you with an Automated Security Awareness Program (ASAP).

ASAP is a revolutionary new tool for organizations, which allows you to create a customized security awareness program for your organization that will show you all the steps needed to create a mature training program in just a few minutes.

Schedule your free,  live ASAP demo »