    KnowBe4’s Q3 2021 Top-Clicked Phishing Email Report Includes New Global Data

    KnowBe4’s latest quarterly report on top-clicked phishing email subjects is here. They are now looking at the top categories globally, general subjects (in the United States and Europe, Middle East and Africa), and ‘in the wild’ attacks.

    Business, Online Services, and HR-Related Messages Get the Most Clicks

    Business phishing emails are the most clicked subject category around the world. These range from messages purporting to be from internal organizational departments, to external requests for information that convey a sense of urgency and entice users to take an action. Online Services includes messages that claim to be from well-known companies and often fool users. HR-related messages that could potentially affect daily work are always a popular ploy.

    “Social engineering attacks continue to be one of the top ways malicious hackers breach organizations and/or cause damage,” said Stu Sjouwerman, CEO, KnowBe4. “We are seeing a continued increase in phishing, including more use of common HR types of communications and less reliance on obvious social media phishing campaigns. By equipping security professionals with more data on likely tactics and templates used by cybercriminals executing phishing attacks, infosec professionals can strengthen their human firewall. Now more than ever, end users need to remain vigilant and remember to stop and think before they click.”

    Behavioral Differences Between the U.S. and EMEA

    In the U.S., most of the email subjects appear to originate from inside the users’ organization. Most of these appear to be from HR, and we also see a password warning. However, in EMEA, the top subjects are related to users’ everyday tasks, and we see two subjects that look like LinkedIn notifications.

    See the Full Infographic with Top Messages in Each Category for Last Quarter:

    KnowBe4's Q3 2021 Top-Clicked Phishing Email Report

    Great to share with your users!

    In Q3 2021, we examined tens of thousands of email subject lines and categories from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

    Top 10 Email Categories Globally:

    1. Business
    2. Online Services
    3. Human Resources
    4. IT
    5. Banking and Finance
    6. Coronavirus/COVID-19 Phishing
    7. Mail Notifications
    8. Phishing for Sensitive Information
    9. Social Networking
    10. Brand Knockoffs

    Top Phishing Email Subjects:

    The U.S.

    1. Vacation Policy Update
    2. Password Check Required Immediately
    3. Important: Dress Code Changes
    4. Acknowledge Your Appraisal
    5. Remote Working Satisfaction Survey

    EMEA

    1. Your Document is Complete – Save Copy
    2. Stefani has endorsed you!
    3. You have requested a reset to your LinkedIn password
    4. Windows 10 Upgrade Error
    5. Internet Capacity Warning

    Common ‘In-The-Wild’ Emails for Q3 2021:

    • IT: Odd emails from your account
    • IT: Upcoming Changes
    • HR: Remote Working Satisfaction Survey
    • Facebook: Your Facebook access has been temporarily disabled for identity check
    • Twitter: Potential Twitter Account Compromise

    *Capitalization and spelling are as they were in the phishing test subject line.
    **Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.


    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4’s Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

    Here’s how it works:

    • Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user’s inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/free-phish-alert-partner?partnerid=001a000001lWEoJAAW
