KnowBe4 Top-Clicked Phishing Email Subjects for Q3 2022 [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, and top attack vector types.

Business-Related Phishing Attempts Still Trending

Business phishing emails have always been effective and continue to be successful because of their potential to affect a user’s workday and routine. This quarter’s results reveal that 40% of email subjects are HR related, creating a sense of urgency in users to act quickly, sometimes before thinking logically and taking the time to question the email’s legitimacy. We also see that the top attack vector for this quarter is phishing links in the body of an email. These combined tactics can have destructive outcomes for organizations and lead to a multitude of cyberattacks such as ransomware and business email compromise.

“As phishing emails evolve and become more sophisticated, it is imperative that organizations prioritize security awareness training for all employees, now more than ever,” said Stu Sjouwerman, CEO, KnowBe4. “Phishing emails that disguise themselves as internal communications are especially concerning since they are sure to grab the attention of users and typically incite action. New-school security awareness training for employees helps combat phishing and malicious emails by educating users on what to look out for— it is the key to creating a healthy level of skepticism to better protect an organization and build a stronger security culture.”


In Q3 2022, we examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. We also reviewed tens of thousands of email subject lines and categories from simulated phishing tests, and top attack vector types in both categories.  The results are below:

Common ‘In-The-Wild’ Emails for Q3 2022:

  • Equipment and Software Update
  • Mail Notification: You have 5 Encrypted Messages
  • Amazon: Amazon - delayed shipping
  • Google: Password Expiration Notice
  • Action required: Your payment was declined
  • Wells Fargo: Transfer Completed
  • DocuSign: Please review and sign your document
  • IT: IT Satisfaction Survey
  • Zoom: [[manager_name]] has sent you a message via Zoom Message Portal
  • Microsoft: Microsoft account security code

Top Phishing Email Subjects Globally

  1. Google: You were mentioned in a document; "Strategic Plan Draft"
  2. HR: Important: Dress Code Changes
  3. HR: Vacation Policy Update
  4. Adobe Sign: Your Performance Review
  5. Password Check Required Immediately
  6. Acknowledge Your Appraisal
  7. IT: Internet Report
  8. Main points from today's meeting
  9. USAA: Account Suspension
  10. Employee Expense Reimbursement for [[email]]

Top Attack Vector Types

  1. Link - Phishing Hyperlink in the Email
  2. Spoofs Domain - Appears to Come From the User's Domain
  3. PDF Attachment - Email Contains a PDF Attachment
  4. Branded - Phishing Test Link Has User's Organizational Logo and Name
  5. Credentials Landing Page - Phishing Link Directs User to Data Entry or Login Landing Page

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

The 2023 Phishing Industry Benchmarking Report

Benchmarking-2023-cover-modal-resizedThe 2023 Phishing By Industry Benchmarking Report compiles results from the sixth annual study by KnowBe4 and reveals at-risk users across 19 industries that are susceptible to phishing or social engineering attacks. Taking it a step further, the research reveals radical drops in careless clicking after 90 days and 12 months of simulated phishing testing and security awareness training using the KnowBe4 platform.

Download Report

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews