Jump to content
Sign in to follow this  

Q3 2019 top-clicked phishing emails by subject line

Recommended Posts


Each quarter, KnowBe4, the world’s leader in security awareness, reports on the top-clicked phishing emails by subject lines in three different categories: subjects related to social media, general subjects, and ‘In the Wild.’ The results come from the millions of users that click on the Phish Alert Button to report real phishing emails and allow KnowBe4 to analyze the results. 


LinkedIn and Facebook are convincing ploys

Nearly half of all social media-related phishing emails imitated LinkedIn messages. This is a trend we are seeing each quarter, likely because there is a perception that these emails appear to be legitimately coming from a professional network. It’s a significant problem because many LinkedIn users have their accounts tied to their corporate email addresses. 

The fall hiring season is very hot right now. With more than 20 million jobs posted, LinkedIn is the perfect way for scammers to trick users into becoming victims. We’ve also seen Facebook subject lines gaining traction, which isn’t a huge surprise as brand impersonation of the social network is surging

Password management continues to entice clicks

Aside from social media-related messages, general subject lines related to password management were highest on the list once again. Another common theme is HR-related messages that mention benefits, organizational changes and staff review. ‘In-the-wild’ attacks – those that were real phishing emails and not KnowBe4 templates – found the greatest success when they asked for action from the recipient or promised something of value. 

Top-clicked subject lines for Q3

Top 10 most-clicked general email subjects in Q3 2019: 

  1. Password Check Required Immediately
  2. A Delivery Attempt was made
  3. De-activation of [] in Process
  4. New food trucks coming to [[company_name]]
  5. Updated Employee Benefits
  6. Revised Vacation & Sick Time Policy
  7. You Have A New Voicemail
  8. New Organizational Changes
  9. Change of Password Required Immediately
  10. Staff Review 2018

Top-clicked social media related subjects in Q3 2019: 

Most common ‘in the wild’ attacks in this period were:

You can download the infographic here to share with your organization.

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created KnowBe4, and custom tests designed by KnowBe4 partners.

Protect your organization: start with security awareness training

Despite knowing the security risks, many companies don’t exactly know where to start when it comes to creating a security awareness program that will work for their organization.

MainSpring has eliminated the guesswork by partnering with KnowBe4 to provide you with an Automated Security Awareness Program (ASAP).

ASAP is a revolutionary new tool for organizations, which allows you to create a customized security awareness program for your organization that will show you all the steps needed to create a mature training program in just a few minutes.

View the full article

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...

Important Information

Terms of Use