[INFOGRAPHIC] New Report Shows Users Are Falling for Security and HR-Related Phishing Attacks

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, and 'in the wild' attacks .

HR Phishing Clicks are Spiking

There has been a significant rise in phishing email attacks related to HR topics, especially those regarding new policies that would affect all employees throughout many types of organizations. Real phishing emails that were reported to IT departments related to security-minded users about password checks continue to remain popular. Phishing email attacks leveraging COVID-19 were on every quarterly report in 2020, but those subjects have dropped dramatically in 2021. End users have become more savvy about scams related to that topic. 

“With more employees returning to the office, they are concerned about new policies that affect their everyday situations at work, which is why we are seeing a rise in these types of phishing attacks” said Stu Sjouwerman, CEO, KnowBe4. “These days, it is especially important for all end users to take a moment to double check a link or attachment and to question whether the email is expected or unexpected. Employees are truly an organization’s last line of defense. They can be the difference between a successful attack and an unsuccessful one with proper security awareness training and testing.”

LinkedIn Still Draws the Most Social Media Subject Clicks

LinkedIn phishing messages have dominated the social media category for the last three years. Users may perceive these emails as legitimate since LinkedIn is a professional network, which could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category also include Facebook and Twitter notifications, message alerts and login alerts.

See the Full Infographic with Top Messages in Each Category for Last Quarter:


Click here to download the full infographic (PDF). Great to share with your users!

In Q2 2021, we examined tens of thousands of email subject lines from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines for the Past Quarter Include:

  1. Password Check Required Immediately
  2. Vacation Policy Update
  3. Important: Dress Code Changes
  4. ACH Payment Receipt
  5. Test of the [[company_name]] Emergency Notification System
  6. Scheduled Server Maintenance -- No Internet Access
  7. COVID-19 Remote Work Policy Update
  8. Scanned image from MX2310U@[[domain]]
  9. Security Alert
  10. Failed Delivery

Most Common ‘In-The-Wild’ Emails for Q2 2021:

  • Zoom: Important issue
  • IT: Information Security Policy Review
  • Mastercard: Confirmation: Your One-Time Password
  • Facebook: Your account has been temporarily locked
  • Google: Take action to secure your compromised passwords
  • Microsoft: Help us protect you - Turn on 2-step verification to protect your account
  • Docusign: Lucile Green requests you to sign Mandatory Security Training documents
  • Internship Program
  • IT: Remote working missing updates
  • HR: Electric Implementation of new HRIS

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews