Q1 2023 Top-Clicked Phishing Report [INFOGRAPHIC]

KnowBe4's latest reports on top-clicked phishing email subjects have been released for Q1 2023. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.

 IT and Online Services Emails Drive Dangerous Attack Trend

This last quarter's results reflect the shift to IT and online service notifications such as laptop refresh or account suspension notifications that can affect end users’ daily work.

“Cybercriminals are constantly increasing the damage they cause to organizations by luring unsuspecting employees into clicking on malicious links or downloading fake attachments that seem realistic,” said Stu Sjouwerman, CEO, KnowBe4. “Emails that are disguised as coming from an internal source, such as the IT department, are especially dangerous because they appear to come from a trusted place where an employee would not necessarily question it or be as skeptical. Building up an organization’s human firewall by fostering a strong security culture is essential to outsmart bad actors.”   


Click here to download the full infographic (PDF). Great to share with your users!

Each quarter, we examine ‘in-the-wild’ email subject lines that show emails that users received and reported to their IT departments as suspicious. In 2023, we've seen mostly IT and online service notifications that could potentially affect users' daily work:

Common ‘In-The-Wild’ Emails for Q1 2023:

  • Please review updated financial policies
  • Zoom: The meeting has started! Where are you?
  • IT: Laptop Refresh
  • Meta: Suspicious Activity
  • Sharepoint: [[manager_name]] shared "Test_Data" with you
  • Microsoft: Microsoft's new password requirements
  • HR: Please verify your banking information
  • DocuSign: DocuSign Account Suspension Notice
  • Webmail: Security alert for [[email]]
  • Refund has been processed to your account

We have seen a lot more business related subjects coming from HR/IT/Managers in the past year. Others involve logins on new devices and password resets. Tax-related email subjects became more popular as the U.S. prepared for tax season in Q1. These attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email:

Top Phishing Email Subjects Globally

  1. HR: Vacation Policy Update
  2. Password Check Required Immediately
  3. HR: Important: Dress Code Changes
  4. Adobe Sign: Your Performance Review
  5. HR: Please update W4 for file
  6. IT: Internet Report
  7. Acknowledge Your Appraisal
  8. Employee Expense Reimbursement for [[email]]
  9. Please review the W-9 Agreement Documents
  10. Recent Activity Report

Unsurprisingly, the #1 attack vector we've seen each quarter was phishing links in the email body. When these links are clicked they often lead to disastrous cyberattacks such as ransomware and business email compromise. Other top attack vectors are as follows:

Top 5 Attack Vector Types

  1. Link - Phishing Hyperlink in the Email
  2. Spoofs Domain - Appears to Come From the User's Domain
  3. PDF Attachment - Email Contains a PDF Attachment
  4. Branded - Phishing Test Link Has User's Organizational Logo and Name
  5. HTML Attachment - Email Contains an HTML Attachment

Holiday phishing email subjects for the beginning of the year largely such as a change in schedule, gift card and spa package giveaway are used as bait for unsuspecting users. 

Top 10 Holiday Phishing Email Subjects in Q1 2023

  1. HR: Change in Holiday Schedule
  2. New Year Gift Card
  3. Happy St. Patrick's Day
  4. Happy New Year!
  5. Massage Green SPA: Win Free Massage for Valentine's Day!

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

Free Phish Alert Button

Do your users know what to do when they receive a phishing email? KnowBe4's Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

home-KnowBe4-Phish-Alert-2Here's how it works:

  • Reinforces your organization’s security culture
  • Users can report suspicious emails with just one click
  • Incident Response gets early phishing alerts from users, creating a network of “sensors”
  • Email is deleted from the user's inbox to prevent future exposure
  • Easy deployment via MSI file for Outlook, Google Workspace deployment for Gmail (Chrome) and manifest install for Microsoft 365

Get Your Phish Alert Button

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews