You can’t argue with success. A new study by KnowBe4 reveals the most clicked-on phishing subject lines of 2018.
Don’t use these if you want to stay out of jail, and don’t open them if you want to avoid destruction by malware. That said, they do show what’s working in the phishing business.
The list is based on two threads — subject lines used in a simulated phishing test and actual phishing emails received by KnowBe4 clients and reported by their IT departments as suspicious.
Each subject line falls into one of five categories:
Here are the ten most clicked-on subject lines globally:
KnowBe4 notes that capitalization and spelling appear as they were in the phishing test subject lines.
Click rates are one measure of success, and another is sheer usage. The following are the most-used in-the-wild subject lines:
KnowBe4 adds that three "in-the-wild subject lines were clicked in three out of four quarters. They included Amazon, Wells Fargo and Microsoft as keywords."
“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. "The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security."
Carpenter adds: "Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click."