A cyber security awareness platform this week released a top ten list of Global Phishing Email Subject Lines for the second quarter of 2017.
KnowBe4, which is used by thousands of organisations worldwide, including many retailers, to raise their employees’ awareness of online social engineering risks, reports that 44% of phishing ‘hooks’ are related to LinkedIn messages.
KnowBe4 says the results of its recent research show that while users click most frequently on business-related subject lines (“Security Alert” is the highest ranked at 21 per cent), they still click with alarming frequency on subject lines not related to work topics and showing red flags.
According to Osterman Research, email has been the number one network infection vector since 2014. Attackers are switching to this method because it gives them more control than merely placing traps on the web and hoping that people will stumble over them.
Email gives cybercriminals more scope to craft and distribute enticing material to both random and targeted victims.
KnowBe4’s Top 10 Most-Clicked Global Phishing Email Subject Lines for Q2 2017 are:
1. Security Alert – 21%
2. Revised Vacation & Sick Time Policy – 14%
3. UPS Label Delivery 1ZBE312TNY00015011 – 10%
4. BREAKING: United Airlines Passenger Dies from Brain Haemorrhage – VIDEO – 10%
5. A Delivery Attempt was made – 10%
6. All Employees: Update your Healthcare Info – 9%
7. Change of Password Required Immediately – 8%
8. Password Check Required Immediately – 7%
9. Unusual sign-in activity – 6%
10. Urgent Action Required – 6%
Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4, commented: “The subject lines we are reporting here actually made it through all the corporate filters and into the inbox of an employee. This means that a company’s ‘human firewall’ is an essential element of organisational security because people truly are the last line of defence.”
KnowBe4 says it evaluated more than 10,000 email servers in October last year and found that 82 per cent of them were misconfigured, allowing spoofed emails to successfully bypass endpoint security systems and enter an organisation’s network. Aggregating information on the most clicked phishing test subject lines and sharing that data with clients is another service that KnowBe4 offers to help protect against social engineering tactics.
Businesses not already working with KnowBe4 are invited to use a number of free tools at www.knowbe4.com to test their users and their network.