Hackers are launching phishing attacks that play into email users' commitment to security, according to security awareness training and simulated phishing platform provider KnowBe4. These attacks often include email subject lines related to passwords, security alerts and other security topics.
In addition, KnowBe4's list of the top 10 most-clicked general email subject lines globally in the second quarter of 2018 included:
- Password Check Required Immediately (15 percent).
- Security Alert (12 percent).
- Change of Password Required Immediately (11 percent).
- A Delivery Attempt was made (10 percent).
- Urgent press release to all employees (10 percent).
- De-activation of ] in Process (10 percent).
- Revised Vacation & Sick Time Policy (9 percent).
- UPS Label Delivery, 1ZBE312TNY00015011 (9 percent).
- Staff Review 2017 (7 percent).
- Company Policies-Updates to our Fraternization Policy (7 percent).
* Capitalization and spelling are as they were in the phishing test subject line.
Comparatively, KnowBe4's list of the top 10 most-clicked general email subject lines globally in 2Q17 included:
1. Security Alert (21 percent).
2. Revised Vacation & Sick Time Policy (14 percent).
3. UPS Label Delivery 1ZBE312TNY00015011 (10 percent).
4. BREAKING: United Airlines Passenger Dies from Brain Haemorrhage – VIDEO (10 percent).
5. A Delivery Attempt was made (10 percent).
6. All Employees: Update your Healthcare Info (9 percent).
7. Change of Password Required Immediately (8 percent).
8. Password Check Required Immediately (7 percent).
9. Unusual sign-in activity (6 percent).
10. Urgent Action Required (6 percent).
Hackers frequently use email subject lines and messages that play on the human desire to be popular or wanted, KnowBe4 indicated. To limit the impact of phishing attacks, organizations must educate their employees about social engineering and other tactics that hackers use to bypass security defenses.
How Can Organizations Address Phishing Attacks?
KnowBe4 offers free tools to help organizations address phishing attacks and other cyber threats, and these tools include:
- Breached Password Test (BPT): Checks to see if email users are leveraging passwords that are in publicly available breaches associated with a company's domain.
- Phish Alert Button: Provides email users with the ability to forward email threats to a security team for analysis and deletes malicious emails from a user's inbox.
- Phishing Security Test: Enables an organization to find out what percentage of its employees are prone to phishing attacks.
KnowBe4 also provides a security awareness training and simulated phishing platform that is used by more than 19,000 organizations worldwide. This platform enables organizations to test their users and networks and identify and resolve social engineering, spear phishing and ransomware attacks.