KnowBe4 releases Q3 2019 top-clicked phishing report
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q3 2019 top-clicked phishing report.
The results found that simulated phishing tests with an urgent message to check a password immediately were most effective, with 43% of users falling for it. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular at 48%, followed by Facebook at 37%.
“As cybersecurity threats persist, more and more end users are becoming security minded,” said Stu Sjouwerman, CEO, KnowBe4. “They have a vested interest in protecting their online lives, so a message that sounds urgent related to their password can entice someone to click. The bad guys are always looking for clever ways to trick end users, so they need to remain vigilant.”
Rounding out its quarterly reviews, in Q3 2019, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.
The Top 10 Most-Clicked General Email Subject Lines Globally for Q3 2019 include:
- Password Check Required Immediately
- A Delivery Attempt was made
- De-activation of [[email]] in Process
- New food trucks coming to [[company_name]]
- Updated Employee Benefits
- Revised Vacation & Sick Time Policy
- You Have A New Voicemail
- New Organizational Changes
- Change of Password Required Immediately
- Staff Review 2018
*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.
When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q3 2019 included:
- Skype: New Unread Voicemail Message
- Transaction Refund
- [[NAME]] shared a document with you
- Microsoft Teams: Please authenticate your account
- Bonus payments for selected employees
- Cisco Webex: Your account is blocked
- Amazon: Billing Address Mismatch
- USPS: High Priority Package: Track it now!
- Verizon: Security Update
- Adobe Cloud: Shared a file with you on Adobe Cloud
*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.
For more information on KnowBe4, visit www.knowbe4.com.
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 28,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.
Number 161 on the 2019 Inc. 500 list, #34 on 2018 Deloitte’s Technology Fast 500 and #2 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England, the Netherlands, Germany and offices in Brazil, Australia, Japan, South Africa and Singapore.