    KnowBe4’s Top-Clicked Phishing Email Results for Q4 2021 Compare the U.S. and EMEA

    KnowBe4’s latest quarterly report on top-clicked phishing email subjects is here. We analyse the top categories, general subjects (in both the United States and Europe, Middle East and Africa), and ‘in the wild’ attacks.

    Business, Online Services, and HR-Related Messages Get the Most Clicks

    Business phishing emails remain the highest-clicked category around the world. This category contains typical communication that employees might receive. The subjects of these emails include fake invoices, purchase orders, requests for information, shared files, and more. Online Services includes messages that claim to be from well-known companies and most of the time contain spoofed domains of popular websites within the email copy. HR-related messages could potentially affect daily work and spoof the users’ own domain with an “HR” mailbox name. The common thread is that the emails convey a sense of urgency and entice users to take an action.

    Behavioural Differences Between the U.S. and EMEA

    “When comparing the results from the U.S. phishing emails to those in Europe, the Middle East and Africa (EMEA), email subjects in the U.S. appear to originate from the users’ organizations and are focused on security alerts related to passwords and internal company policy changes,” said Stu Sjouwerman, CEO, KnowBe4. “However, in EMEA, the top subjects are related to users’ everyday tasks and the subject lines appear to be more personalized to entice the user to click. As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organization.”

    See the Full Infographic with Top Messages in Each Category for Last Quarter:

    In Q4 2021, we examined tens of thousands of email subject lines and categories from simulated phishing tests. We also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

    Top 10 Email Categories Globally:

    1. Business
    2. Online Services
    3. Human Resources
    4. IT
    5. Banking and Finance
    6. Coronavirus/COVID-19 Phishing
    7. Mail Notifications
    8. Holiday
    9. Phishing for Sensitive Information
    10. Social Networking

    Top Phishing Email Subjects:

    The U.S.

    1. Password Check Required Immediately
    2. Important: Dress Code Changes
    3. Vacation Policy Update
    4. Important Social Media Policy Change
    5. Employee Discounts on Amazon for your Holiday Shopping

    EMEA

    1. Accept Invitation – Staff Meeting via Teams
    2. Employee Portal – Timecard Not Submitted
    3. Enclosed attachment for your review
    4. Immediate password verification required
    5. [[company_name]] Invoice

    Common ‘In-The-Wild’ Emails for Q4 2021:

    • IT: Cloud Enrollment
    • Special Project Information
    • You Have Some New Messages
    • Teams Events
    • Microsoft: Private Shared Document Received

    *Capitalization and spelling are as they were in the phishing test subject line.
    **Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

     See results from all previous quarters in our Top Clicked Phishing Email Subjects topic.


    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4’s Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click! Phish Alert benefits: 

    Here’s how it works:

    • Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user’s inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/free-phish-alert-partner?partnerid=001a000001lWEoJAAW
