Phishing emails in Q421 focused on everyday tasks - research
Phishing emails in the last quarter of 2021 were primarily focused on users' everyday tasks, new research has found.
The information was revealed in KnowBe4's Q4 2021 top-clicked phishing report, which the company released this week.
KnowBe4 is a provider of a security awareness training and simulated phishing platform.
"When comparing the results from the United States phishing emails to those in the rest of the world, email subjects in the United States appear to originate from the users' organisations and are focused on security alerts related to passwords and internal company policy changes," says Stu Sjouwerman, chief executive officer at KnowBe4.
"However, in the rest of the world, the top subjects are related to users' everyday tasks and the subject lines appear to be more personalised to entice the user to click," he says.
"As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organisation."
According to the report, the top 10 email categories globally are:
Business
Online Services
Human Resources
IT
Banking and Finance
Coronavirus/COVID-19 Phishing
Mail Notifications
Holiday
Phishing for Sensitive Information
Social Networking
Top phishing email subjects were also broken out, comparing those in the United States to those in the rest of the world. In the fourth quarter of 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed 'in-the-wild' email subject lines that show actual emails users received and reported to their IT departments as suspicious.
The results are below.
Top phishing email subjects, according to the Q4 2021 top-clicked phishing report:
Rest of the World:
Accept Invitation - Staff Meeting via Teams
Employee Portal - Timecard Not Submitted
Enclosed attachment for your review
Immediate password verification required
[[company_name]] Invoice
The United States:
Password Check Required Immediately
Important: Dress Code Changes
Vacation Policy Update
Important Social Media Policy Change
Employee Discounts on Amazon for your Holiday Shopping
Common "In-the-Wild" attacks, according to the report, were:
IT: Cloud Enrolment
Special Project Information
You Have Some New Messages
Teams Events
Microsoft: Private Shared Document Received
The KnowBe4 platform is used by more than 44,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security.
Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's chief hacking officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defense.