Top 10 Phishing Email Subjects: Q2 2022
Each quarter, KnowBe4, the world’s largest security awareness training and simulated phishing platform, publishes the top-clicked phishing emails by subject line. The results come from their millions of users reporting real phishing emails. The subjects are sorted into two different categories: those related to social media, general subjects, and “In the Wild”.
The first category contains email subjects created by KnowBe4 to test their clients’ security posture. “In the Wild” attacks refer to those email subjects that were real phishing emails and not KnowBe4 templates. Vectors are the methods used in the phishing attack.
Top Clicked Email Subjects
Top 5 Most-Clicked General Email Subjects Globally in Q2 2022:
LinkedIn: Who's searching for you online?
IT: Internet Report
HR: Please update W4 for file
Acknowledge Your Appraisal
Employee Expense Reimbursement for [[email]]
Most Common “In the Wild” Emails in Q2 2022:
Xerox: New document was processed for [[email]]
Zoom: [[manager_name]] has sent you a message via Zoom Message Portal
Facebook: Your recent Facebook login
Your fax is pending for preview
Money has been successfully withdrawn from your Bank Account
Top Attack Vectors in Q2 2022:
Link - Phishing Hyperlink in the Email
Spoofs Domain - Appears to Come From the User's Domain
Branded - Phishing Test Link Has User's Organizational Logo and Name
PDF Attachment - Email Contains a PDF Attachment
Credentials Landing Page - Phishing Link Directs User to Data Entry or Login Landing Page
Key Takeaways
Most emails are related to business or mention HR in the title.
This quarter there was an influx of business-related emails, which are more likely to be clicked on since employees do not want to have their work affected. Because the email is work-related, employees are also less likely to be suspicious of any links or of opening it in the first place.
HR-related messages are difficult not to open because an employee might fear repercussions for not reading or responding to something from Human Resources. This is a common tactic among cybercriminals, since we are more likely to make critical errors when fear takes over and logic goes out the door.
Nearly all emails had phishing links of some sort, and many spoofed domains so that they looked like they came from inside the company, using the business logo and graphics. Knowing what to look for and taking the time to question an email’s authenticity can be the difference between reporting it to the IT department and suffering a serious breach of security.
See KnowBe4’s original post.