[INFOGRAPHIC] Q4 2018 Top-Clicked Phishing Email Subjects from KnowBe4

KnowBe4 reports every quarter on the top-clicked phishing emails. Here we have the results for Q4 2018. We track three different categories: general email subjects, those related to social media and 'in the wild' attacks. The results come from a combination of the simulated phishing emails used by our customers as well as from the millions of users that click our Phish Alert Button to report suspicious emails to their IT department.

Trends That Persisted Throughout 2018

In reviewing the Q4 2018 most clicked subject lines, trends were easily identified; five subject line categories appeared quarter-over-quarter throughout 2018, including:

  • Deliveries
  • Passwords
  • Company Policies
  • Vacation
  • IT Department (in-the-wild)

 (You can compare past quarterly findings here.)

Additionally, three “in-the-wild subject lines” were clicked three out of four quarters and included Amazon, Wells Fargo and Microsoft as keywords.

The Subject Lines Tell Us Users Are Concerned About Security

“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security. Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click.”

Full Infographic Of Top Subjects In All Categories For The Last Quarter: 

Q4 2018 Top-Clicked Phishing Email Subjects from KnowBe4 Infographic

Q4 2018 Top-Clicked Phishing Email Subjects from KnowBe4. Full PDF here.

Top 10 Most-Clicked General Email Subjects in Q4 2018: 

  1. Password Check Required Immediately/Change of Password Required Immediately 19%
  2. Your Order with Amazon.com/Your Amazon Order Receipt 16%
  3. Announcement: Change in Holiday Schedule 11%
  4. Happy Holidays! Have a drink on us. 10%
  5. Problem with the Bank Account 8%
  6. De-activation of [[email]] in Process 8%
  7. Wire Department 8%
  8. Revised Vacation & Sick Time Policy 7%
  9. Last reminder: please respond immediately 6%
  10. UPS Label Delivery 1ZBE312TNY00015011 6%

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

Most Common 'In the Wild' Attacks in this period were:

  • Apple: You recently requested a password reset for your Apple ID 
  • Employee Satisfaction Survey
  • Sharepoint: You Have Received 2 New Fax Messages
  • Your Support Ticket is Closing
  • Docusign: You've received a Document for Signature
  • ZipRecruiter: ZipRecruiter Account Suspended
  • IT System Support
  • Amazon: Your Order Summary
  • Office 365: Suspicious Activity Report
  • Squarespace: Account billing failure

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

Free Phish Alert Button

When prominent phishing emails like this hit your organization, it is vital that IT staff be alerted immediately. The Phish Alert Button allows your users to report suspicious and potentially dangerous phishing emails when they slip past other security layers. It is a safe way for users to forward email threats to the security team for analysis and deletes the email from their inbox to prevent future exposure.

home-KnowBe4-Phish-AlertPhish Alert Benefits:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

Get your Phish Alert Button

Don't like to click on redirected links? Cut & Paste this link in your browser:


Subscribe To Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews