KnowBe4 Finds Coronavirus-Themed Phishing Spiked in Q2 2020 [INFOGRAPHIC]

The latest results of KnowBe4's quarterly top-clicked phishing email subjects are in. We report on three different categories: social media related subjects, general subjects, and 'in the wild' attacks.

Faked LinkedIn Messages Remain Top Social Media Ploy

Phishing emails that look like they are coming from LinkedIn have been at the top of the list since we began tracking these in 2017. There is likely a perception that these emails are legitimate because they appear to be coming from a professional network. It's a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category reveal password resets, tagging of photos and new messages. Free pizza is back after not being on the list in nearly two years.

Coronavirus-Themed Phishing Emails Are Rampant

The results found that phishing email attacks related to COVID-19 remained frequent in Q2 2020. Covering the entire second quarter, simulated phishing tests with a message related to the coronavirus were the most popular, with a total of 56%.

“It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims,” said Stu Sjouwerman, CEO, KnowBe4. “These phishing scams are becoming more aggressive and more targeted as this pandemic continues. Everyone should remain very skeptical of any email related to COVID-19 coming into their inbox.”

See the Infographic with Top Messages in Each Category for Last Quarter:

KnowBe4's Top Clicked Phishing Emails Q2 2020 Infographic

Click here to download the full infographic (PDF). Great to share with your users!

In Q2 2020, we examined tens of thousands of email subject lines from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for the Past Quarter Include:

  1. Password Check Required Immediately
  2. Vacation Policy Update
  3. Branch/Corporate Reopening Schedule
  4. COVID-19 Awareness
  5. Coronavirus Stimulus Checks
  6. List of Rescheduled Meetings Due to COVID-19
  7. Confidential Information on COVID-19
  8. COVID-19 - Now airborne, Increased community transmission
  9. Fedex Tracking
  10. Your meeting attendees are waiting!

Most Common ‘In-The-Wild’ Emails in Q2 2020 Included:

  • Microsoft: Abnormal log in activity on Microsoft account
  • Chase: Stimulus Funds
  • HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines
  • Zoom: Restriction Notice Alert
  • Jira: [JIRA] A task was assigned to you
  • HR: Vacation Policy Update
  • Ring: Karen has shared a Ring Video with you
  • Workplace: [[company_name]] invited you to use Workplace
  • IT: ATTENTION: Security Violation
  • Earn money working from home

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365
