KnowBe4's latest reports on top-clicked phishing email subjects have been released for Q2 2023. We analyze 'in the wild' attacks reported via our Phish Alert Button, top subjects globally clicked on in phishing tests, top attack vector types, and holiday email phishing subjects.
This last quarter's results reflect the popularity of HR-related email subjects such vacation policy notifications, dress code changes, and past due training alerts that can affect end users’ daily work.
“The threat of phishing emails remains as high as ever as cybercriminals continuously tweak their messages to be more sophisticated and seemingly credible, now with the help of GenAI and returning to the office ,” said Stu Sjouwerman, CEO, KnowBe4. “The trend of phishing emails revealed in the Q2 phishing report is especially concerning, as 50% of these emails appear to come from HR – a trusted and crucial department of so many, if not all organizations. These disguised emails take advantage of employee trust and typically incite action that can result in disastrous outcomes for the entire organization. New-school security awareness training for employees is crucial to help combat phishing and malicious emails by educating users on the most common cyber attacks and threats. An educated workforce is an organization’s best defense and is essential to fostering and maintaining a strong security culture.”
Click here to download the full infographic (PDF). Great to share with your users!
Each quarter, we examine ‘in-the-wild’ email subject lines that show real emails that users received and reported to their IT departments as suspicious. In addition to HR subjects, we see important looking messages dealing with purchases and financial institutions, as well as IT and online service notifications:
Unsurprisingly, phishing links in the email body is consistently the #1 attack vector we see every quarter. When these links are clicked they often lead to disastrous cyberattacks such as ransomware and business email compromise. Other top attack vectors are as follows:
Holiday phishing email subjects such as a change in schedule, surveys, and notifications about celebrations are used as bait for unsuspecting users mid-year.
*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.