KnowBe4 Finds Email Subject Lines Focused on Security-Minded End Users are Effective

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q3 2019 top-clicked phishing report.

Q32019

The results found that simulated phishing tests with an urgent message to check a password immediately were most effective, with 43% of users falling for it. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media email subjects reveal that LinkedIn messages are the most popular at 48%, followed by Facebook at 37%.

“As cybersecurity threats persist, more and more end users are becoming security minded,” said Stu Sjouwerman, CEO, KnowBe4. “They have a vested interest in protecting their online lives, so a message that sounds urgent related to their password can entice someone to click. The bad guys are always looking for clever ways to trick end users, so they need to remain vigilant.”

Rounding out its quarterly reviews, in Q3 2019, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for Q3 2019 include:

  • Password Check Required Immediately
  • A Delivery Attempt was made
  • De-activation of [[email]] in Process
  • New food trucks coming to [[company_name]]
  • Updated Employee Benefits
  • Revised Vacation & Sick Time Policy
  • You Have A New Voicemail
  • New Organizational Changes
  • Change of Password Required Immediately
  • Staff Review 2018

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q3 2019 included:

  • Skype: New Unread Voicemail Message
  • Transaction Refund
  • [[NAME]] shared a document with you
  • Microsoft Teams: Please authenticate your account
  • Bonus payments for selected employees
  • Cisco Webex: Your account is blocked
  • Amazon: Billing Address Mismatch
  • USPS: High Priority Package: Track it now!
  • Verizon: Security Update
  • Adobe Cloud: Shared a file with you on Adobe Cloud

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

For more information on KnowBe4, visit www.knowbe4.com.