2022 Report Confirms Business-Related Phishing Emails Trend [INFOGRAPHIC]

KnowBe4's latest reports on top-clicked phishing email subjects have been released for 2022 and Q4 2022. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.

Business-Related Phishing Emails Continue 

Business phishing emails have always been effective and continue to be successful because of their potential to affect a user’s workday and routine. The 2022 results reveal that 49% of email subjects are HR related, creating a sense of urgency in users to act quickly, sometimes before thinking logically and taking the time to question the email’s legitimacy. Cybercriminals constantly refine their strategies to outsmart end users and organizations by changing phishing email subjects to be more believable and attention grabbing. This shift in phishing tactics over time is evident in the increasing trend of cybercriminals using business-related email subjects.

“Cybercriminals are smart and pay attention to what works and what does not when it comes to effective phishing emails,” said Stu Sjouwerman, CEO, KnowBe4. “This is why we see email subjects evolve and upgrade over time to keep up with end users and what they may be susceptible to. Phishing emails are a year-round threat and remain a challenge during the holiday season as well – holiday phishing emails are the one gift that no one wants to receive in their inbox. KnowBe4’s phishing test reports emphasize the importance of new-school security awareness training that educate users on the latest and most common cyber attacks and threats. A strong security culture and an educated workforce is an organization’s best defense to remain vigilant and stay safe online from cybercriminals and their attempted threats.”

Q4 2022 KnowBe4 Top-Clicked-Phishing Infographic

Download a copy of both the 2022 and the Q4 2022 KnowBe4 Phishing Infographics.

Each quarter, we examine ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. In Q4 2022 we saw mostly IT and online service notifications that could potentially affect users' daily work:

Common ‘In-The-Wild’ Emails for Q4 2022:

  • IT: Zoom Client Update
  • LinkedIn: LinkedIn Customer Service Survey
  • Microsoft: Update your security settings
  • Trust Wallet: Verify your Wallet
  • Amazon: Suspicious charges
  • Your fax is pending for preview
  • Banking Information does not match Company Information
  • HR: Complete Employee Badge Questionnaire
  • Docusign: Eligible for New Laptop
  • Webmail: Security alert for [[email]]

We have seen a lot more business related subjects coming from HR/IT/Managers in the past year. Others involve logins on new devices and password resets. These attacks are effective because they could potentially affect users' daily work, and cause a person to react before thinking logically about the legitimacy of the email:

Top Phishing Email Subjects Globally in Q4 2022

  1. HR: Vacation Policy Update
  2. HR: Important: Dress Code Changes
  3. Password Check Required Immediately
  4. Adobe Sign: Your Performance Review
  5. Acknowledge Your Appraisal
  6. Signed Invoice in Reply to User
  7. Double Charged Please Refund Payment
  8. Google: You were mentioned in a document: "Strategic Plan Draft"
  9. Main points from today's meeting
  10. [[company name]] financial report shared with you

In 2022 we started tracking the top attack vector types used in KnowBe4 Phishing Security Tests. Unsurprisingly, the #1 vector we saw each quarter was phishing links in the email body. When these links are clicked they often lead to disastrous cyberattacks such as ransomware and business email compromise. Other top attack vectors are as follows:

Top 5 Attack Vector Types in Q4 2022

  1. Link - Phishing Hyperlink in the Email
  2. Spoofs Domain - Appears to Come From the User's Domain
  3. PDF Attachment - Email Contains a PDF Attachment
  4. Branded - Phishing Test Link Has User's Organizational Logo and Name
  5. HTML Attachment - Email Contains an HTML Attachment

In addition to our standard categories, we also examined the most-clicked holiday phishing email subjects in Q4 2022. Similar to general phishing email subjects, holiday phishing email subjects largely consist of emails from HR and IT. However, they are also tailored specifically to the holiday season by mentioning holiday parties, gifts, food and more:

Top 10 Holiday Phishing Email Subjects in Q4 2022

  1. HR: Change in Holiday Schedule
  2. HR: Holiday Party Rule Changes
  3. IT: Holiday travel with your work device
  4. Happy New Year!
  5. Thanksgiving: Free Turkey or Ham for Holidays
  6. HR: Holiday Party Survey
  7. Please review: Appropriate Halloween costumes
  8. USPS: You missed your Christmas delivery!
  9. Amazon: You have cash remaining on your Amazon Christmas Card
  10. DrawNames: [[first_name]], you have been drawn a name for [[company_name]] Holiday Gift Exchange

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.


The 2023 Phishing Industry Benchmarking Report

Benchmarking-2023-cover-modal-resizedThe 2023 Phishing By Industry Benchmarking Report compiles results from the sixth annual study by KnowBe4 and reveals at-risk users across 19 industries that are susceptible to phishing or social engineering attacks. Taking it a step further, the research reveals radical drops in careless clicking after 90 days and 12 months of simulated phishing testing and security awareness training using the KnowBe4 platform.

Download Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews