Q4 2019 KnowBe4 Finds Security-Related and Giveaway Phishing Email Subject Lines Get the Most Clicks


KnowBe4 releases Q4 2019 top-clicked phishing report

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q4 2019 top-clicked phishing report.

The results found that simulated phishing tests with an urgent message to check a password immediately were most effective, with 39% of users falling for it. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular at 55%, followed by Facebook at 28%.

“With more end users becoming security-minded, it’s easy to see how they fall for phishing scams related to changing or checking their passwords,” said Stu Sjouwerman, CEO, KnowBe4. “They should be especially cautious if an email seems too good to be true, such as a giveaway. As identifying phishing attacks from legitimate emails becomes trickier, it’s more important than ever for end users to look for the red flags and think before they click.”

In Q4 2019, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top 10 General Email Subjects

  • Change of Password Required Immediately 26%
  • Microsoft/Office 365: De-activation of Email in Process 14%
  • Password Check Required Immediately 13%
  • HR: Employees Raises 8%
  • Dropbox: Document Shared With You 8%
  • IT: Scheduled Server Maintenance – No Internet Access 7%
  • Office 365: Change Your Password Immediately 6%
  • Avertissement des RH au sujet de l’usage des ordinateurs personnels 6%
  • Airbnb: New device login 6%
  • Slack: Password Reset for Account 6%

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q4 2019 included:

  • SharePoint: Approaching SharePoint Site Storage Limit
  • Microsoft: Anderson Hauck has shared a Whiteboard with you
  • Office 365: Medium-severity alert: Unusual volume of file deletion
  • FedEx: Correct address needed for your package delivery on [[current_date_0]]
  • USPS: Your digital receipt is ready
  • Twitter: Your Twitter account has been locked
  • Google: Please Complete the Required Steps
  • Cash App: Your Account Has Been Closed
  • Coinbase: Important Please Resolve Error Now
  • Would you mind taking a look at this invoice?

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

For more information on KnowBe4, visit www.knowbe4.com.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 30,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.
