Phishing schemes are one of those ever-present annoyances that never seem to go away. The threat of phishing remains prevalent, and scammers are becoming more convincing every day. Long gone are the days of Nigerian princes offering a 2 million dollar reward. Now it is far more likely that ‘Google’ or ‘Facebook’ wants something from you, and it pays to be extra vigilant when this is the case.
A report from security awareness training organisation KnowBe4 has revealed a collection of the top-clicked phishing emails of 2020, showing work-related email subjects as some of the top contenders. These may consist of policy changes, remote working access, or coronavirus updates.
These are not all hypothetical scenarios. They are taken from both real and simulated phishing scams that have been successful in convincing a person to click the link and enter their details. It is also worth noting that social media messages are another area where phishing is on the rise, with LinkedIn phishing messages taking the top spot among social media email subjects to watch out for.
In Q4, KnowBe4 scanned tens of thousands of email subject lines, including subject lines that actual users received and reported to their IT departments as suspicious.
Although these were indeed tests, the following list should provide an insight into what emails you need to be extra thorough with when they make their way into your inbox.
Top 10 General Email Subjects
Password Check Required Immediately
Touch base on meeting next week
Vacation Policy Update
COVID-19 Remote Work Policy Update
Important: Dress Code Changes
Scheduled Server Maintenance -- No Internet Access
Deactivation of [[email]] in process
Please review the leave law requirements
You have been added to a team in Microsoft Teams
Company Policy Notification: COVID-19 - Test & Trace Guidelines
Top 10 Subjects Received From Report
IT: Annual Asset Inventory
Changes to your health benefits
Twitter: Security alert: new or unusual Twitter login
Amazon: Action Required | Your Amazon Prime Membership has been declined
Zoom: Scheduled Meeting Error
Google Pay: Payment sent
Stimulus Cancellation Request Approved
Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
RingCentral is coming!
Workday: Reminder: Important Security Upgrade Required
Although the previous subject lines may not relate to you, it is crucial to note that these subject lines have been proven successful in the past. You should exercise extreme caution and examine the email thoroughly before entering any details or clicking any buttons or links. If you are curious about how to spot a phishing email, read our article on the subject.