Q3 2020 Top-Clicked Phishing Subjects: Coronavirus-Related Attacks Still Prevalent [INFOGRAPHIC]

KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. These are broken down into three different categories: social media related subjects, general subjects, and 'in the wild' attacks .

Coronavirus-Related Phishing Subjects Are Still Prevalent

Phishing email attacks leveraging COVID-19 have been on every quarterly report this year, and they still made up 50% of the total in Q3 2020.

“During this pandemic, we’ve seen malicious hackers preying on users’ biggest weak points by sending messages that instill fear, uncertainty and doubt,” said Stu Sjouwerman, CEO, KnowBe4. “Our Q3 report confirms that coronavirus-related subject lines have remained their most promising attack type, as pandemic conditions weaken judgment, and lead to potentially detrimental clicks.”

Don't Dismiss Social Media as a Phishing Concern

We have seen a pattern of fake LinkedIn messages topping this list since we began running these reports in 2017. There is likely a perception that these emails are legitimate because they appear to be coming from a professional network. It's a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category reveal password resets, tagging of photos and new messages. For the first time we see messages purporting to be from WhatsApp.


See the Infographic with Top Messages in Each Category for Last Quarter:

Q3 2020 Top Clicked Phishing Email Subjects Infographic from KnowBe4

Click here to download the full infographic (PDF).  Great to share with your users!

In Q3 2020, we examined tens of thousands of email subject lines from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for the past quarter Include:

  1. Payroll Deduction Form
  2. Please review the leave law requirements
  3. Password Check Required Immediatelyi
  4. Required to read or complete: "COVID-19 Safety Policy"
  5. COVID-19 Remote Work Policy Update
  6. Vacation Policy Update
  7. Scheduled Server Maintenance -- No Internet Access
  8. Your team shared "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive
  9. Official Quarantine Notice
  10. COVID-19: Return To Work Guidelines and Requirements

Most Common‘In-The-Wild’ Emails in Q3 2020 Included:

  • Microsoft: View your Microsoft 365 Business Basic invoice
  • HR: Pandemic Policy Update
  • IT: Remote Access Infrastructure
  • Facebook: Account Warning
  • Check your passport expiration date
  • TeleMed Appointment Reminder
  • Twitter: Confirm your identity
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12
  • Exchange ActiveSync service disabled for [[email]]
  • HR: Benefit Report

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

 See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews