Skip navigation
Skip navigation
You are using an outdated browser. Please upgrade your browser.

Hackers do what works – and what works is manipulating a human’s psyche to make them feel curious, important or, sadly, scared

3 May, 2018 – KnowBe4, the world’s largest popular security awareness training and simulated phishing platform, today shared its Top 10 Global Phishing Email Subject Lines for Q1 2018. The results are compiled from analysing data of KnowBe4 users. While the results show that users, when delivered a simulated phishing test, still continue to open messages with a mix of subject lines related to personal and company notifications, KnowBe4 found an alarming trend with ‘in-the-wild’ emails. These messages, which based on actual messages they received and reported to their IT departments, show the top three subject lines relate to security concerns on school campuses.

This comes at a time when phishing emails continue to plague organisations. Just this month the U.S. State Department warned its staff against a “tidal wave” of malicious email meant to trick users into opening them. Verizon’s 2018 Data Breach

Investigations Report, also issued this month, notes that phishing emails account for 98% of all social engineering related incidents and breaches. And while hackers have always used topical news stories to colour their phish attempts, the rise in ‘in-the-wild’ emails related to campus security incidents highlights the emotional depths to which these bad actors will go to breach an organisation.

“Hackers do what works – and what works is manipulating a human’s psyche to make them feel curious, important or, sadly, scared. As technical controls continue to improve at thwarting automated attacks, hackers are upping their sophistication at bypassing technical controls through the use of social engineering,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4.

KnowBe4 understands that humans the attack surface of choice for cybercriminals. The company examined tens of thousands of email subject lines from simulated phishing tests to uncover just what makes a user want to click. They also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT department as suspicious.

The Top 10 Most-Clicked General Email Subject Lines Globally for Q1 2018 include:

1. A Delivery Attempt Was Made 21%
2. Change of Password Required Immediately 20%
3. W-2 13%
4. Company Policy Update for Fraternisation 10%
5. UPS Label Delivery 1ZBE3112TNY00015011 10%
6. Revised Vacation and Time Policy 8%
7. Staff Review 2017 7%
8. Urgent Press Release to All Staff 5%
9. Deactivation of (email) in Process 4%
10. Please Read: Important from HR 2%
*Capitalisation and spelling are as they were in the phishing test subject line
*Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the more common included:
• IT DESK: Security Alert Reported on Campus
• IT DESK: Campus Emergency Scare
• IT DESK: Security Concern on Campus Earlier
• Amazon: Billing Address Mismatch
• Password Review
• Urgent Security Event: Your account details were found online
• Wells Fargo: New device detected
• Microsoft: Updates to our terms of use
• GasBuddy: Major car recall announced today
• CNN: Facebook-Cambridge Analytica Apology Tour

*Capitalisation and spelling are as they were in the phishing test subject line
*In-the-wild email subject lines represent actual emails users received and reported to their IT department as suspicious. They are not simulated phishing test emails.
Carpenter continued, “Again, as the addition of Facebook-Cambridge Analytica shows, we see news stories influencing the social engineering emails that hackers send. Cybercriminals expect that users will always be eager to correct a wrong address or to ensure that their bank accounts aren’t being breached. What’s not expected is a user population that has been properly trained to identify suspicious emails, no matter how well-disguised or emotionally charged they are. People are the last line of defence and it continues to be more and more important that organisations take this position seriously by, first and foremost, ensuring their users are properly trained.”
Businesses that are not already working with KnowBe4 to train their workforce into an effective last line of defence can utilise a number of free tools at to test their users and their network.

About KnowBe4
KnowBe4, the provider of the world’s most popular integrated new-school security awareness training and simulated phishing platform, is used by more than 17,000 organisations worldwide. Founded by data and IT security expert Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness of ransomware, CEO fraud and other social engineering tactics through a new-school approach to security awareness training. Kevin Mitnick, internationally recognised computer security expert and KnowBe4’s Chief Hacking Officer, helped design KnowBe4’s training based on his well-documented social engineering tactics. Thousands of organisations trust KnowBe4 to mobilise their end-users as the last line of corporate IT defence.
Number 231 on the 2017 Inc. 500 list, #70 on 2017 Deloitte’s Technology Fast 500 and #6 in Cybersecurity Ventures Cybersecurity 500. KnowBe4 is headquartered in Tampa Bay, Florida with European offices in England and the Netherlands.

KnowBe4 Contact:

Louise Burke
Origin Communications
Tel +44 (0) 7917 176095

This press release was distributed by ResponseSource Press Release Wire on behalf of Origin Comms Ltd in the following categories: Business & Finance, Education & Human Resources, Computing & Telecoms, for more information visit