KnowBe4 2017 Top Clicked Phishing Test Analysis


Click on the Picture to download the full infographic in PDF format

Looking at the whole of 2017, there were some interesting shifts on what phishing emails were clicked from quarter to quarter. Usually there was a stand out for every quarter.

Over the course of the year, the top email templates clicked shifted each quarter for the general categories. The emphasis/most clicked at the beginning of the year in Q1 was on email and account updates.

The volume grew by nearly 50% the second quarter with the emphasis shifting to password changes and security alerts.

Third quarter saw a slight decline of top 10 clicks by about 13% with the emphasis shifting to HR and health care.

And the fourth quarter saw a definite seasonal shift with 34% of templates clicked related to packages.

Social templates clicked remained relatively consistent with LinkedIn a clear stand out and jumping considerably up for Q4. This is typically when people wait to change jobs but start looking for jobs and connections as well.

The main take-away after looking through the data is that people are *really* predictable.

There are basically 4 things that make people click:

  1. Promise of money: or threat of losing money
  2. Things that feed your hunger:  pizza in most instances, but also the Pumpkin Spice Latte (PSL) in Q4
  3. Threat of losing something : (non money related):  suspicious account activity, benefits, employment status
  4. Basic curiosity: new contact request, new email, new file, you've been tagged in a photo, etc.

Organizations wanting to phish their employees can pull any of these levers and know that they are emulating the basic drivers can cause a "knee-jerk click" reaction for phish prone employees. Similarly, criminals *already know* that these types of subjects will find the softest of targets and serve as an effective vector into an organization.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Ransomware Hostage Rescue Manual

Get the latest about social engineering

Subscribe to CyberheistNews