Q1 2020 KnowBe4 Finds Coronavirus-Related Phishing Email Attacks Up 600%


KnowBe4 releases Q1 2020 top-clicked phishing report

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q1 2020 top-clicked phishing report.Q12020

The results found that phishing email attacks related to COVID-19 were up 600% in Q1 2020. Covering the entire first quarter, simulated phishing tests with an urgent message to check passwords immediately was most popular at 45%. Following this was a coronavirus-related message as the second most popular at 10%. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal new login alerts, password resets and someone may have accessed your account messages are coming onto the radar.   

“The bad guys are opportunists and they will use every chance they get to take advantage of people’s heightened emotions during crisis situations such as this one by trying to entice them to click on a malicious link or download an attachment laced with malware,” said Stu Sjouwerman, CEO, KnowBe4. “It’s no surprise that we’re seeing an explosion of phishing attacks related to the coronavirus because people are actively seeking more information about it. End users should be especially careful with any email they receive related to COVID-19 and immediately report suspicious looking emails to their IT department.”

In Q1 2020, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top 10 General Email Subjects

  • Password Check Required Immediately
  • CDC Health Alert Network: Coronavirus Outbreak Cases
  • PTO Policy Changes
  • Scheduled Sever Maintenance – No Internet Access
  • Test of the [[company_name]] Emergency Notification System
  • Revised Vacation & Sick Time Policy
  • De-activation of [[email]] in Process
  • Please Read Important from Human Resources
  • Someone special sent you a Valentine’s Day ecard!
  • You have been added to a team in Microsoft Teams

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q1 2020 included:

  • List of Rescheduled Meetings Due to COVID-19
  • SharePoint: Coronavirus (COVID-19) Tax Cut Document
  • Confidential Information on COVID-19
  • IT: Work from home - VPN connection
  • Comcast: Notification from Carl Vargas
  • Microsoft: Your meeting will begin soon
  • HR: New Employee Stock Purchase Plan
  • Vodafone: Caller Alert: Msg Received Today
  • Amazon Chime: Vonage invites you to join vonage_303136
  • Parking Authority: Parking Ticket: Pay Charge

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

For more information on KnowBe4, visit www.knowbe4.com.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 32,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.


Return To KnowBe4 Press Releases

Get the latest about social engineering

Subscribe to CyberheistNews