
COVID-related email subjects biggest threat in phishing scams

Coronavirus-related email subjects remain the biggest threat in phishing scams, according to new research from KnowBe4, a security awareness training and simulated phishing platform.

According to the results of the Q3 2020 top-clicked phishing report, phishing tests with a message related to the coronavirus were the most popular, with a total of 50%. 

Meanwhile, the report found social media messages are another area of concern when it comes to phishing, and LinkedIn phishing messages dominate as the top social media email subject to watch out for, holding the number one spot at 47%.

“During this pandemic, we’ve seen malicious hackers preying on users’ biggest weak points by sending messages that instil fear, uncertainty and doubt,” says Stu Sjouwerman, chief executive officer at KnowBe4. 

“Our Q3 report confirms that coronavirus-related subject lines have remained their most promising attack type, as pandemic conditions weaken judgment, and lead to potentially detrimental clicks,” he says.

In Q3 2020, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. 

The Top 10 General Email Subjects according to KnowBe4 research: 

  • Payroll Deduction Form 
  • Please review the leave law requirements 
  • Password Check Required Immediately 
  • Required to read or complete: “COVID-19 Safety Policy” 
  • COVID-19 Remote Work Policy Update 
  • Vacation Policy Update 
  • Scheduled Server Maintenance -- No Internet Access 
  • Your team shared "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive 
  • Official Quarantine Notice 
  • COVID-19: Return To Work Guidelines and Requirements 

*Capitalisation and spelling are as they were in the phishing test subject line. 
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers. 

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q3 2020 included: 

  • Microsoft: View your Microsoft 365 Business Basic invoice 
  • HR: Pandemic Policy Update 
  • IT: Remote Access Infrastructure 
  • Facebook: Account Warning 
  • Check your passport expiration date 
  • TeleMed Appointment Reminder 
  • Twitter: Confirm your identity 
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12 
  • Exchange ActiveSync service disabled for [[email]] 
  • HR: Benefit Report 

*Capitalisation and spelling are as they were in the phishing test subject line. 
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails. 
