Phishing emails continue to be one of the most common and effective methods to maliciously impact a variety of organisations around the world – everyone is a potential victim. Cybercriminals constantly refine their strategies to outsmart end users and organisations by changing phishing email subjects to be more believable and attention-grabbing. This shift in phishing tactics over time is evident in the increasing trend of cybercriminals using business-related email subjects.
These are among the findings of KnowBe4’s 2022 and Q4 2022 top-clicked phishing report, which includes the top email subjects clicked in phishing tests, top attack vector types, holiday phishing email subjects and other information that reveals the most popular phishing email tactics.
Business phishing emails are lucrative and successful because of their potential to affect a user’s workday and routine. These include emails from HR, IT, managers and web services such as Google and Amazon.
KnowBe4’s 2022 phishing test results reveal that for the year, nearly 50% of email subjects were HR-related, while the other half were related to career development, IT and work project notifications.
These types of emails bait recipients into opening them and are likely successful because they create a sense of urgency in users to act quickly, sometimes without thinking and taking the time to question the email’s legitimacy.
Additionally, this year’s phishing tests revealed the top vector for the year to be phishing links in the body of an email, which has stayed consistent for the last three consecutive quarters.
The combination of these phishing tactics is clearly a working strategy for cybercriminals, but it is detrimental to users and organisations because it can lead to cyber-attacks such as business email compromise and ransomware.
Along with the increased use of business-related emails and links within emails, the Q4 2022 phishing test also shares the top holiday phishing email subjects.
“Cybercriminals are smart and pay attention to what works and what does not when it comes to effective phishing emails,” says Stu Sjouwerman, CEO of KnowBe4. “This is why we see email subjects evolve and upgrade over time to keep up with end users and what they may be susceptible to.
“Phishing emails are a year-round threat and remain a challenge during the holiday season as well – holiday phishing emails are the one gift that no one wants to receive in their inbox.
“KnowBe4’s phishing test reports emphasise the importance of new-school security awareness training that educates users on the latest and most common cyber-attacks and threats. A strong security culture and an educated workforce are an organisation’s best defence to remain vigilant and stay safe online from cybercriminals and their attempted threats.”