Looking at the whole of 2017, there were some interesting shifts in which phishing emails were clicked from quarter to quarter. Usually there was a standout in every quarter.
Over the course of the year, the top email templates clicked shifted each quarter for the general categories. In Q1, the most-clicked templates emphasized email and account updates.
The volume grew by nearly 50% in the second quarter, with the emphasis shifting to password changes and security alerts.
The third quarter saw a slight decline in top 10 clicks of about 13%, with the emphasis shifting to HR and health care.
And the fourth quarter saw a definite seasonal shift with 34% of templates clicked related to packages.
Social templates clicked remained relatively consistent, with LinkedIn a clear standout that jumped considerably in Q4. This is typically when people wait to change jobs but start looking for jobs and connections as well.
The main take-away after looking through the data is that people are *really* predictable.
There are basically 4 things that make people click:
- Promise of money (or threat of losing money)
- Things that feed your hunger: pizza in most instances, but also the Pumpkin Spice Latte (PSL) in Q4
- Threat of losing something (non-money related): suspicious account activity, benefits, employment status
- Basic curiosity: new contact request, new email, new file, you've been tagged in a photo, etc.
Organizations wanting to phish their employees can pull any of these levers and know that they are emulating the basic drivers that can cause a "knee-jerk click" reaction in phish-prone employees. Similarly, criminals *already know* that these types of subjects will find the softest of targets and serve as an effective vector into an organization.