Q3 2020 KnowBe4 Finds Coronavirus-Related Phishing Email Attacks Still Prevalent


KnowBe4 releases Q3 2020 top-clicked phishing report

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today revealed the results of its Q3 2020 top-clicked phishing report.Q32020

The report reveals coronavirus-related email subjects remain the biggest threat. Covering the entire third quarter, simulated phishing tests with a message related to the coronavirus were the most popular, with a total of 50%. Social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 47%.

“During this pandemic, we’ve seen malicious hackers preying on users’ biggest weak points by sending messages that instill fear, uncertainty and doubt,” said Stu Sjouwerman, CEO, KnowBe4. “Our Q3 report confirms that coronavirus-related subject lines have remained their most promising attack type, as pandemic conditions weaken judgment, and lead to potentially detrimental clicks.”

In Q3 2020, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top 10 General Email Subjects

  • Payroll Deduction Form
  • Please review the leave law requirements
  • Password Check Required Immediately
  • Required to read or complete: “COVID-19 Safety Policy”
  • COVID-19 Remote Work Policy Update
  • Vacation Policy Update
  • Scheduled Server Maintenance -- No Internet Access
  • Your team shared "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive
  • Official Quarantine Notice
  • COVID-19: Return To Work Guidelines and Requirements

*Capitalization and spelling are as they were in the phishing test subject line.

**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q3 2020 included:

  • Microsoft: View your Microsoft 365 Business Basic invoice
  • HR: Pandemic Policy Update
  • IT: Remote Access Infrastructure
  • Facebook: Account Warning
  • Check your passport expiration date
  • TeleMed Appointment Reminder
  • Twitter: Confirm your identity
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12
  • Exchange ActiveSync service disabled for [[email]]
  • HR: Benefit Report

*Capitalization and spelling are as they were in the phishing test subject line.

**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

For more information on KnowBe4, visit www.knowbe4.com.

 

About KnowBe4

KnowBe4, is the provider of the world’s largest security awareness training and simulated phishing platform, and is used by more than 35,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.

Get the latest about social engineering

Subscribe to CyberheistNews