
These subject lines are the most clicked for phishing

The most successful email lures don’t promise riches, but issue imminent cybersecurity warnings or urgent office messages, a report reveals.

By now, even the least-seasoned email user knows not to open messages from Nigerian princes or vacationing “friends” desperate for an emergency loan.

But bad actors have become increasingly clever in phishing attempts. KnowBe4, which provides security awareness training, revealed the most-clicked subject lines in a fourth-quarter report.

The most effective lure, the firm found, was an urgent message to immediately check a password, with 39% of users falling for the ruse.

“With more end users becoming security-minded, it’s easy to see how they fall for phishing scams related to changing or checking their passwords,” said Stu Sjouwerman, KnowBe4’s CEO, in a release.

And just because you work in tech, doesn’t mean you’re immune. “These subject lines are very effective against tech pros as well,” said Erich Kron, security awareness advocate, KnowBe4.


“Tech professionals tend to become comfortable with email and technology, and therefore can be less careful than people who are more suspicious of everything,” Kron said. “When speaking to tech pros about emails they fell for, they seem to realize that they made an error by clicking much faster than non-technical employees, however, it’s often too late at that point.”

But social media messages have also effectively tricked users, notably when LinkedIn is the subject—55% were successful, with Facebook following at 28%.

“Not surprisingly, LinkedIn email subjects top the social media list for Q4 in a pretty big way. Q4 is a time where people are setting resolutions for the following year, and this often involves a job search. Activity related to LinkedIn tends to spike in this quarter, meaning people are more likely to view and click these emails.”

Research for the report was gathered through an examination of thousands of email subject lines from simulated phishing tests.

KnowBe4 also reviewed “in-the-wild” email subject lines, which added previously received email as an additional incentive to open, as well as company emails reported to IT departments as suspicious.

Top 10 most-clicked general phishing email subjects

(This also represents the actual capitalization and spelling used in the original phishing subject lines.)

  1. Change of Password Required Immediately 26%
  2. Microsoft/Office 365: De-activation of Email in Process 14%
  3. Password Check Required Immediately 13%
  4. HR: Employees Raises 8%
  5. Dropbox: Document Shared With You 8%
  6. IT: Scheduled Server Maintenance – No Internet Access 7%
  7. Office 365: Change Your Password Immediately 6%
  8. Social media has been hacked, log in today to change 6%
  9. Airbnb: New device login 6%
  10. Slack: Password Reset for Account 6%

The above email subject lines are a combination of both simulated phishing templates KnowBe4 created and custom tests from their customers.

The “in-the-wild” email subject lines were gathered from actual user emails, which were then reported to their company IT department.

Here are the most popular (also with original capitalization and spelling):

  • SharePoint: Approaching SharePoint Site Storage Limit
  • Microsoft: Anderson Hauck has shared a Whiteboard with you
  • Office 365: Medium-severity alert: Unusual volume of file deletion
  • FedEx: Correct address needed for your package delivery on [[current_date_0]]
  • USPS: Your digital receipt is ready
  • Twitter: Your Twitter account has been locked
  • Google: Please Complete the Required Steps
  • Cash App: Your Account Has Been Closed
  • Coinbase: Important Please Resolve Error Now
  • Would you mind taking a look at this invoice?

Email users “should be especially cautious if an email seems too good to be true, such as a giveaway,” Sjouwerman said. “As identifying phishing attacks from legitimate emails becomes trickier, it’s more important than ever for end-users to look for red flags, and think before they click.”


