KnowBe4's latest quarterly report on top-clicked phishing email subjects is here. We analyze the top categories, general subjects (in both the United States and Europe, Middle East and Africa), and 'in the wild' attacks.
Business, Online Services, and HR-Related Messages Get the Most Clicks
Business phishing emails remain the highest-clicked category around the world. This category contains typical communication that employees might receive: the subjects of these emails include fake invoices, purchase orders, requests for information, shared files, and more. Online Services includes messages that claim to be from well-known companies and, most of the time, contain spoofed domains of popular websites within the email copy. HR-related messages concern matters that could potentially affect daily work, and they spoof the users' own domain with an “HR” mailbox name. The common thread is that the emails convey a sense of urgency and entice users to take an action.
Behavioral Differences Between the U.S. and EMEA
“When comparing the results from the U.S. phishing emails to those in Europe, the Middle East and Africa (EMEA), email subjects in the U.S. appear to originate from the users’ organizations and are focused on security alerts related to passwords and internal company policy changes,” said Stu Sjouwerman, CEO, KnowBe4. “However, in EMEA, the top subjects are related to users’ everyday tasks and the subject lines appear to be more personalized to entice the user to click. As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organization.”
In Q4 2021, we examined tens of thousands of email subject lines and categories from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.
Top 10 Email Categories Globally:
- Online Services
- Human Resources
- Banking and Finance
- Coronavirus/COVID-19 Phishing
- Mail Notifications
- Phishing for Sensitive Information
- Social Networking
Top Phishing Email Subjects:
- Password Check Required Immediately
- Important: Dress Code Changes
- Vacation Policy Update
- Important Social Media Policy Change
- Employee Discounts on Amazon for your Holiday Shopping
- Accept Invitation - Staff Meeting via Teams
- Employee Portal - Timecard Not Submitted
- Enclosed attachment for your review
- Immediate password verification required
- [[company_name]] Invoice
Common ‘In-The-Wild’ Emails for Q4 2021:
- IT: Cloud Enrollment
- Special Project Information
- You Have Some New Messages
- Teams Events
- Microsoft: Private Shared Document Received
*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.