Q1 2018 Top Clicked Phishing Email Subjects [INFOGRAPHIC]

This is the second year we've published quarterly results of the most-clicked phishing email subjects across a few categories. We separate the data into subjects related to social media and general emails, drawn from the millions of phishing tests our customers run per year. The third 'In The Wild' category reflects common attacks we see as a result of millions of users clicking the Phish Alert Button on real phishing emails and sending the email to us for analysis.

It is important that even the most vigilant users stay up to date on current threats and the specific subjects the bad guys are trying. Understanding the reasons particular subjects garner more clicks is also a great reminder to ALWAYS think before you click, and you can clearly see the hackers are always trying to use our psyche against us.

Last quarter's results were a mix of personal and company notifications, showing email continues to be an effective way to phish users.



Top 10 Most-Clicked General Email Subject Lines Globally for Q4 2018 include:

  1. A Delivery Attempt Was Made - 21%
  2. Change of Password Required Immediately - 20%
  3. W-2 - 13%
  4. Company Policy Update for Fraternization - 10%
  5. UPS Label Delivery 1ZBE3112TNY00015011 - 10%
  6. Revised Vacation and Time Policy - 8%
  7. Staff Review 2017 - 7%
  8. Urgent Press Release to All Staff - 5%
  9. Deactivation of (email) in Process - 4%
  10. Please Read: Important from HR - 2%

Most common ‘in-the-wild’ email subject lines:

  • IT DESK: Security Alert Reported on Campus
  • IT DESK: Campus Emergency Scare
  • IT DESK: Security Concern on Campus Earlier
  • Amazon: Billing Address Mismatch
  • Password Review
  • Urgent Security Event: Your account details were found online
  • Wells Fargo: New device detected
  • Microsoft: Updates to our terms of use
  • GasBuddy: Major car recall announced today
  • CNN: Facebook-Cambridge Analytica Apology Tour

*Capitalization and spelling are as they were in the phishing test subject line.
*In-the-wild email subject lines represent actual emails users received and reported to their IT department as suspicious. They are not simulated phishing test emails.

Can This Data Really Make My Users More Secure?

The short answer is yes. Based on this data, KnowBe4 customers can and should model phishing campaigns using templates related to these subjects to strengthen their human firewall. We recommend starting with 1- and 2-star level tests -- these are easier to spot -- and over a 12-month period increase the difficulty level to 4- and 5-star templates which are much harder to identify. 

You can even target specific groups, departments, and/or individuals with different phishing difficulty levels. That way, security leaders can phish users at a maturity level that is most likely to help each group – and it also allows for some gamification.

Phishing Emails Account for 98% of Social Engineering Attacks

This comes at a time when phishing emails continue to plague organizations. Just this month the U.S. State Department warned its staff against a “tidal wave” of malicious email meant to trick users into opening them. Verizon’s 2018 Data Breach Investigations Report, also issued this month, notes that phishing emails account for 98% of all social engineering related incidents and breaches. And while hackers have always used topical news stories to color their phish attempts, the rise in ‘in-the-wild’ emails related to campus security incidents highlights the emotional depths to which these bad actors will go to breach an organization.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
