Open These Emails At Your Peril

Here is a list of effective email subject lines. But don’t open them if you see them in your inbox, and don’t use them yourself unless you’re in the business of sending malware.

These were the most clicked-through phishing subject lines in the third quarter of 2017, compiled by security services firm KnowBe4:

  1. Official Data Breach Notification – 14%
  2. UPS Label Delivery 1ZBE312TNY00015011 – 12% 
  3. IT Reminder: Your Password Expires in Less Than 24 Hours – 12% 
  4. Change of Password Required Immediately – 10%
  5. Please Read Important from Human Resources – 10%
  6. All Employees: Update your Healthcare Info – 10% 
  7. Revised Vacation & Sick Time Policy – 8%
  8. Quick company survey – 8% 
  9. A Delivery Attempt was made – 8% 
  10. Email Account Updates – 8% 



How did KnowBe4 compile this global top ten?

These lines are a combination of simulated phishing templates and custom tests that the firm created for clients. The capitalization is the same as it was in the subject lines.

Overall, these lines prove that email works well for phishing. But they are even more insidious than they seem.

“By playing into the human psyche, hackers will successfully continue to infiltrate an organization through a phishing email,” states Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats.”

Carpenter adds: “Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes.”

Whatever your business, try to avoid using subject lines that resemble these even slightly: You could end up in a spam folder.  

KnowBe4points out that Mike Rogers, the former chairman of the House Intelligence Committee, called phishing attacks the “next big attack vector” during the U.S. Chamber of Commerce cyber security summit last week.

The positive side? That the above subject lines have been identified. The negative: That cyber criminals with nation-state backing have created such sophisticated attacks that it is nearly impossible to defend against malware infections, Rogers said, according to KnowBe4.


Next story loading loading..