Q3 2019 Top-Clicked Phishing Email Subjects from KnowBe4 [INFOGRAPHIC]

Q3-2019-SocialKnowBe4 reports on the top-clicked phishing emails by subject lines each quarter in three different categories: subjects related to social media, general subjects, and 'In the Wild' - we get those results from the millions of users that click on our Phish Alert Button to report real phishing emails and allow our team to analyze the results. 

LinkedIn and Facebook Are Convincing Ploys

Nearly half of all social media-related phishing emails imitated LinkedIn messages. This is a trend we are seeing each quarter, likely because there is a perception that these emails appear to be legitimately coming from a professional network. It's a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. 

The fall hiring season is very hot right now. With more than 20 million jobs posted, LinkedIn is the perfect way for scammers to trick users into becoming victims. We've also seen Facebook subject lines gaining traction, which isn't a huge surprise as brand impersonation of the social network is surging

Password Management Continues to Entice Clicks

Aside from social media-related messages, general subject lines related to password management were highest on the list once again. Another common theme is HR-related messages that mention benefits, organizational changes and staff review. In-the-wild attacks – those that were real phishing emails and not KnowBe4 templates – found the greatest success when they asked for action from the recipient or promised something of value. 

See the Infographic with All Top Messages in Each Category for Last Quarter:


Click here to download the full infographic (PDF)  Great to share with your users!

Top-Clicked Social Media Related Subjects in Q3 2019: 

  • LinkedIn: You appeared in new searches!, Add me to your network, Profile Views, Password Reset, Deactivation Request
  • Facebook: Your friend tagged you in photos, Someone mentioned you, Primary email changed'
  • Someone has sent you a Direct Message on Twitter!
  • Login alert for Chrome on Motorola Moto X

Top 10 Most-Clicked General Email Subjects in Q3 2019: 

  1. Password Check Required Immediately
  2. A Delivery Attempt was made
  3. De-activation of [[email]] in Process
  4. New food trucks coming to [[company_name]]
  5. Updated Employee Benefits
  6. Revised Vacation & Sick Time Policy
  7. You Have A New Voicemail
  8. New Organizational Changes
  9. Change of Password Required Immediately
  10. Staff Review 2018

Most Common 'In the Wild' Attacks in this period were:

  • Skype: New Unread Voicemail Message
  • Transaction Refund
  • [[NAME]] shared a document with you
  • Microsoft Teams: Please authenticate your account
  • Bonus payments for selected employees
  • Cisco Webex: Your account is blocked
  • Amazon: Billing Address Mismatch
  • USPS: High Priority Package: Track it now!
  • Verizon: Security Update
  • Adobe Cloud: Shared a file with you on Adobe Cloud

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters here: https://blog.knowbe4.com/topic/top-clicked-phishing-email-subjects

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews