KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has revealed the results of its latest 2021 top-clicked phishing report.
It found that, despite still seeing a few phishing email attacks related to COVID-19, users are becoming more savvy and alert to these types of scams. Real phishing emails that were reported to IT departments related to security-minded users about password checks are steadily rising in popularity.
“With COVID-19 being around for over a year now and employees becoming more aware of the types of scams that have come out related to the pandemic, cyber criminals are having less success with related phishing attacks,” said Stu Sjouwerman, CEO, KnowBe4. “While users are becoming more savvy regarding COVID-19 phishing attacks, there is a steady increase of those falling for security-related email scams. The bad guys go with what works and in Q1, nearly a third of the users who fell for a phishing email clicked on one related to a password check. Always check with your IT department through a known good phone number, email address or internal system before clicking on an email related to checking or changing a password because it only takes one wrong click to cause monumental damage.”
However, the study did find that social media messages are an area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 42%. This is particularly concerning given recent developments that data belonging to over 500 million LinkedIn users was scraped and recently been found for sale on the dark web.
In Q1 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.
Top 10 General Email Subjects*:
-Password Check Required Immediately
-Revised Vacation & Sick Time Policy
-COVID-19 Remote Work Policy Update
-COVID-19 Vaccine Interest Survey
-Important: Dress Code Changes
-Scheduled Server Maintenance — No Internet Access
-De-activation of [[email]] in Process
-Test of the [[company name]] Emergency Notification System
-Scanned image from MX2310U[[domain]]
-Recent Activity Report
When investigating ‘in-the-wild’** email subject lines, KnowBe4 found the most common throughout Q1 2021 included:
-Microsoft 365: Scheduled Server Backup
-IT: IT-Help Ticket Survey Invitation
-Warning: Your E-mail account has just sent 260 E-mails
-Amazon Prime: Action required – Card on file has been declined
-Google: Take action to secure your compromised passwords
-Apple: Prize winner! We need your confirmation
-Zoom: You missed a Zoom meeting
-HR: Your payroll details need updating
-Facebook: Important message regarding your Facebook profile
*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.