Every quarter, KnowBe4 reports on the top-clicked phishing emails by subject lines in three categories: Social, General, and 'In the Wild'. The latter category results come from the millions of users that click on our Phish Alert Button to report real phishing emails and allow our team to analyze the results.

Social Media Is Now A Part Of Everyday Business

A major trend this quarter is that half of all social media-related subjects looked like they were coming from LinkedIn. We've seen this particular message type trending upward quarter over quarter, which is significant because many LinkedIn users have their accounts tied to their corporate email addresses.

Such a high percentage increases corporate risk of a phishing attack, ransomware breach or other social engineering-related threat. Social media sites in general are a crucial piece in the cybercrime economy. According to recent research from Bromium, cybercriminals earn at least $3.25B per year from social media-enabled cybercrime.

As tempting as it may be to click in emails to see who viewed your profile or who wants to connect, it's more important than ever to think before you click and log in to your account directly.

Hackers Tap Into Emotions, Causing Panicked Reactions

Aside from social media-related messages, a lot of subject lines contained phrases like de-activation of email, failed delivery and action required to elicit a sense of urgency from the user. These types of attacks are effective because they cause a person to react without thinking logically about the legitimacy of the email. Notices about delivery attempts, Amazon orders, and HR-related messages also prove to be too enticing to ignore for many users.

See the Infographic with All Top Messages in Each Category for Last Quarter:


Top-Clicked Social Media Related Subjects in Q1 2019:

LinkedIn: Join my network, Profile Views, Add me to your network, New InMail Message

Facebook: Password Change, Primary email changed

Login alert for Chrome on Motorola Moto X

Your password was successfully reset

New voice message at 1:23AM

Your Friend Tagged a Photo of You

Top 10 Most-Clicked General Email Subjects in Q1 2019:

De-activation of [[email]] in Process

A Delivery Attempt was made

You Have A New Voicemail

Failed Delivery for Package #5357343

Staff Review 2018

Revised Vacation & Sick Time Policy

APD Notification

Your Order with Amazon.com

Re: w-2

Scanned image from MX2310U@[[domain]]

Most Common 'In the Wild' Attacks in this period were:

Wells Fargo: You have a new secure mail

Undelivered Mail

Etrade: Action Required!

Microsoft Teams: Rick sent a message

Microsoft/Office 365: Action required: Update your payment information now

Stripe: Just now someone logged in to your account

HR: Your Action Required

Amazon: Refund Notification

OneDrive: Your OneDrive is out of storage space

HR: Download your W2 now

*Capitalization and spelling are as they were in the phishing test subject line.

**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

See results from all previous quarters here: https://blog.knowbe4.com/topic/top-clicked-phishing-email-subjects

Free Phish Alert Button

Do your users know what to do when new phishing attacks hit their inbox? KnowBe4's Phish Alert Button gives them a safe way to forward email threats to the security team for analysis and deletes the email from the user's inbox to prevent future exposure. All with just one click!

Phish Alert benefits:

Reinforces your organization’s security culture

Users can report suspicious emails with just one click

Incident Response gets early phishing alerts from users, creating a network of “sensors”

Email is deleted from the user's inbox to prevent future exposure

Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

Don't like to click on redirected links? Cut & Paste this link in your browser:

https://www.knowbe4.com/free-phish-alert