Q1 2022 Report: Holiday-Themed Phishing Emails Entice Employees to Click [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and globally), and 'in the wild' attacks.

Business, Online Services, and HR-Related Messages Get the Most Clicks

Business phishing emails remain the highest-clicked category around the world. This category contains typical communication that employees might receive. The subjects of these emails include fake invoices, purchase orders, requests for information, shared files, and more. Online Services includes messages that claim to be from well-known companies and most of the time contain spoofed domains of popular websites within the email copy. HR-related messages could potentially affect daily work and spoof the users' own domain with an “HR” mailbox name. The common thread is that the emails convey a sense of urgency and entice users to take an action.

Holiday Schedule Changes and Gift Notifications Trigger an Emotional Response

“In our latest quarterly phishing report, we found that holiday-themed emails were the most tempting for employees to click on,” said Stu Sjouwerman, CEO, KnowBe4. “HR-related messages such as a change in the schedule for the holidays likely piqued interest from employees to see if they would receive an extra day off or shortened work schedule due to the holidays. It is important to remember that cybercriminals utilize various tactics such as preying on people’s emotions when executing their malicious scams. Remaining vigilant and adopting a heightened sense of suspicion around emails that trigger an emotional response can end up preventing a detrimental cybersecurity attack.”

See the Full Infographic with Top Messages in Each Category for Last Quarter:

KnowBe4 Q1 2022 Top-Clicked Phishing Report

Click here to download the full infographic (PDF). Great to share with your users!

In Q1 2022, we examined tens of thousands of email subject lines and categories from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top 10 Email Categories Globally:

  • Business 
  • Online Services 
  • Human Resources 
  • IT
  • Coronavirus/COVID-19 Phishing  
  • Banking and Finance
  • Phishing For Sensitive Information
  • Mail Notifications
  • Social Networking
  • Current Events

Top Phishing Email Subjects:

The U.S.

  1. HR: New requirements tracking Covid vaccinations
  2. Password Check Required Immediately
  3. HR: Vacation Policy Update
  4. HR: Important: Dress Code Changes
  5. Acknowledge Your Appraisal

Rest of the World

  1. Authorize Pending Transaction on your Wallet
  2. HR: Registration for COVID-19 Study
  3. IT: End of Year Password Policy
  4. HR: Code of Conduct
  5. Your Benefit Account Has Been Updated

Global Holiday Emails

  1. HR: Change in Holiday Schedule
  2. Someone special sent you a Valentine's Day ecard!
  3. St. Patrick's Day: Employee Behavior/Company Policies
  4. Our Valentine's Day Gift To You
  5. Starbucks: Happy Holidays! Have a drink on us.

Common ‘In-The-Wild’ Emails for Q4 2021:

  • IT: Software Update
  • Google Forms: Your Voice Engagement Survey
  • Zoom: You missed a Zoom meeting
  • Project Notice
  • Dropbox: Updates about your account

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews