What are the Most Clicked Phishing Emails?

KnowBe4 has released a quarterly report that reveals the most clicked phishing emails in Q1, 2018 – The emails that are proving to be the most effective at fooling employees into clicking hyperlinks and opening potentially malicious email attachments.

The data from the report came from responses to phishing simulation emails delivered through its training platform. The simulated phishing emails mirror messages observed in real world attacks but are sent in a safe environment where clicks do not result in the installation of malware or the exposure of sensitive information.

The report has been released at an appropriate time. April has seen several warnings issued over phishing attacks. The U.S. Department of Health and Human Services has warned healthcare organizations in the United States to be on high alert as a “tidal wave” of phishing emails is expected.

There have also been several major data breaches reported by healthcare organizations that have occurred as a result of employees opening malicious messages. Research from Verizon, published in April, also shows that 98% of social engineering attacks and data breaches occur as a result of phishing emails.

The reason for the high volume of phishing emails is simple. They work. Hackers and scammers know all too well that targeting employees with phishing emails is much easier than trying to find chinks in organizations’ technological armor and the path of least resistance is taken.

For the report, KnowBe4 analyzed tens of thousands of phishing email subject lines to determine which were proving to be the most effective. In addition, an analysis was performed on email subject lines that had been observed in real world phishing attacks. So, what were the most clicked phishing emails?

Most Clicked Phishing Emails in Q1, 2018

The list below includes some changes from previous reports, although similar subject lines are being used time and time again as they are still proving to be effective at eliciting a click.

The two most effective phishing emails in Q1, 2018 were:

  1. Subject: A Delivery Attempt Was Made
  2. Subject: Change of Password Required Immediately

21% of end users responded to the first and 20% to the second.

Perhaps unsurprisingly since it is tax season, a phishing email subject line related to tax made third place. In the U.S, a W-2 Form is a summary of wages, salary, and tax information for employees, detailing the tax that has been withheld from paychecks. This form is needed in order for a tax return to be filed. The email was opened by 13% of users.

  1. Subject: W-2

The next two most clicked phishing emails got a response from 10% of end users:

  1. Subject: Company Policy Update for Fraternization
  2. Subject: UPS Label Delivery 1ZBE3112TNY00015011

Other subjects that often saw emails opened (2% to 8% of end users) are listed below, most of which relate to information sent internally within an organization. If email addresses are spoofed so it appears the emails come from within, it is understandable that these messages would be opened.

  1. Subject: Revised Vacation and Time Policy
  2. Subject: Staff Review 2017
  3. Subject: Urgent Press Release to All Staff
  4. Subject: Deactivation of (email) in Process
  5. Subject: Please Read: Important from HR

Given the high click rates of many of these messages they should be included in your security awareness training programs and phishing simulation exercises. Through training it is possible to reduce the susceptibility of employees to emails scams.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news