Ironically, the most successful phishing emails of Q3 2017 told recipients that they had been victims of a data breach.
This finding comes from a report from KnowBe4 that investigated the most effective phishing email subject lines. The report looked at tens of thousands of emails from simulated and custom phishing tests, and discovered that the most clicked subject line was ‘Official Data Breach Notification’.
Phishing subject lines
The top ten most clicked subject lines were:
- Official Data Breach Notification
- UPS Label Delivery 1ZBE312TNY00015011
- IT Reminder: Your Password Expires in Less Than 24 Hours
- Change of Password Required Immediately
- Please Read Important from Human Resources
- All Employees: Update your Healthcare Info
- Revised Vacation & Sick Time Policy
- Quick company survey
- A Delivery Attempt was made
- Email Account Updates
KnowBe4 also evaluated phishing email subject lines specifically from social networks. The most clicked subject lines were messages ostensibly from LinkedIn. This is worrying for organisations, as many people link their work email address to their LinkedIn account, and a successful phishing attack could expose the company to a data breach or further phishing emails.
Other common social media phishing emails claimed that someone had attempted to log in to their accounts, that they’d been tagged in a photo or that they’d received free pizza.
“Nearly impossible” for technology to protect you
Commenting on the study, KnowBe4’s chief evangelist and strategy officer, Perry Carpenter, said: “The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats. Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes.”
You can take action against targeted phishing attacks by enrolling your staff on our Phishing Staff Awareness Course.
This online course shows your staff how phishing works, what to look out for and how to respond when they receive a malicious message. It’s ideal for all employees who use the Internet or email in their day-to-day duties and, as such, it’s delivered in simple terms that everyone in your organisation can understand.