[INFOGRAPHIC] Q1 2021 Report Shows Users are More Savvy to COVID-19 Phishing Scams

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, and 'in the wild' attacks .

COVID-19 Phishing Scams Less Successful

Phishing email attacks leveraging COVID-19 were on every quarterly report in 2020, but those subjects aren't as successful a year later. Emails purporting to come from HR and security-related notifications are now on the rise.

“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks,” said Stu Sjouwerman, CEO, KnowBe4. “While users are becoming more savvy regarding COVID-19 phishing attacks, there is a steady increase of those falling for security-related email scams. The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check. Always check with your IT department through a known good phone number, email address or internal system before clicking on an email related to checking or changing a password because it only takes one wrong click to cause monumental damage.”

Think Twice Before Clicking on that LinkedIn Email

LinkedIn phishing messages have dominated the social media category for the last three years. Users may perceive these emails as legitimate since LinkedIn is a professional network, which could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category also include Facebook and Twitter notifications, message alerts and login alerts.

See the Infographic with Top Messages in Each Category for Last Quarter:


Click here to download the full infographic (PDF).  Great to share with your users!

In Q1 2021, we examined tens of thousands of email subject lines from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for the past quarter Include:

  1. Password Check Required Immediately
  2. Revised Vacation & Sick Time Policy
  3. COVID-19 Remote Work Policy Update
  4. COVID-19 Vaccine Interest Survey
  5. Important: Dress Code Changes
  6. Scheduled Server Maintenance -- No Internet Access
  7. De-activation of [[email]] in Process
  8. Test of the [[company_name]] Emergency Notification System
  9. Scanned image from MX2310U@[[domain]]
  10. Recent Activity Report

Most Common ‘In-The-Wild’ Emails in Q1 2021 Included:

  • Microsoft 365: Scheduled Server Backup
  • IT: IT-Help Ticket Survey Invitation
  • Warning: Your E-mail account has just sent 260 E-Mails
  • Amazon Prime: Action required - Card on file has been declined
  • License Update
  • Google: Take action to secure your compromised passwords
  • Apple: Prize winner! We need your confirmation
  • Zoom: You missed a Zoom meeting
  • HR: Your payroll details needs updating
  • Facebook: Important message regarding your Facebook profile

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews