Q1 2020 Coronavirus-Related Phishing Email Attacks Are Up 600%


KnowBe4 reports on the top-clicked phishing emails by subject lines each quarter in three different categories: subjects related to social media, general subjects, and 'In the Wild' - we get those results from the millions of users that click on our Phish Alert Button to report real phishing emails and allow our team to analyze the results. 

COVID-19 Related Attacks Up 600%

The second most popular message of the entire quarter was a fake CDC alert about Coronavirus cases. Social media messages are another area of concern when it comes to phishing. The past quarter's top-clicked social media email subjects reveal new login alerts, password resets and someone may have accessed your account messages are coming onto the radar.   

Password Management Continues to Entice Clicks

Aside from social media-related messages, general subject lines related to password management were highest on the list once again. Another common theme is HR-related messages that mention organizational changes that potentially impact the daily lives of employees. Popular in-the-wild attacks – those that were real phishing emails and not KnowBe4 templates – were focused heavily on subjects around the Coronavirus and working from home.

See the Infographic with All Top Messages in Each Category for Last Quarter:


Click here to download the full infographic (PDF). Great to share with your users!

Top-Clicked Social Media Related Subjects in Q1 2020: 

  • LinkedIn: Profile Views, Add me to your network, Security Update
  • Your friend tagged you in photos on Facebook
  • Login alert for Chrome on Motorola Moto X
  • Your password was successfully reset
  • Someone may have accessed your account
  • Someone has sent you a Direct Message on Twitter!
  • New voice message at 1:23AM

Top 10 Most-Clicked General Email Subjects in Q1 2020: 

  1. Password Check Required Immediately
  2. CDC Health Alert Network: Coronavirus Outbreak Cases
  3. PTO Policy Changes
  4. Scheduled Server Maintenance -- No Internet Access
  5. Test of the [[company_name]] Emergency Notification System
  6. Revised Vacation & Sick Time Policy
  7. De-activation of [[email]] in Process
  8. Please Read Important from Human Resources
  9. Someone special sent you a Valentine's Day ecard!
  10. You have been added to a team in Microsoft Teams

Most Common 'In the Wild' Attacks in this period were:

  • List of Rescheduled Meetings Due to COVID-19
  • SharePoint: Coronavirus (COVID-19) Tax Cut Document
  • Confidential Information on COVID-19
  • IT: Work from home - VPN connection
  • Comcast: Notification from Carl Vargas
  • Microsoft: Your meeting will begin soon
  • HR: New Employee Stock Purchase Plan
  • Vodafone: Caller Alert: Msg Received Today
  • Amazon Chime: Vonage invites you to join vonage_303136
  • Parking Authority: Parking Ticket: Pay Charge

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

See results from all previous quarters here: https://blog.knowbe4.com/topic/top-clicked-phishing-email-subjects


As your users work from home, keep security top of mind with the world's largest library of security awareness training content!

With over 300 pieces of training content that specifically address work from home scenarios, using mobile devices, safe internet use, and best practices for handling sensitive information, KnowBe4 has you covered!

Educate your users about the Coronavirus, the scams associated with the pandemic, along with how to keep your entire organization safe while your employees work from home.

ModStore03-1The ModStore Preview includes:

  • Interactive training modules
  • Compliance modules
  • Videos
  • Trivia Games
  • Posters and Artwork
  • Newsletters and more!

Visit The ModStore

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:



Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews