Corrupt Creative: The Top Ten Phishing Subject Lines Of 2018

You can’t argue with success. A new study by KnowBe4 reveals the most clicked-on phishing subject lines of 2018. 

Don’t use these if you want to stay out of jail, and don’t open if them if you want to avoid destruction by malware. That said, they do show what’s working in the phishing business. 

The list is based on two threads — subject lines used in a simulated phishing test and actual phishing emails received by KnowBe4 clients and reported by their IT departments as suspicious.

Each subject line falls into one of five categories: 

  • Deliveries 
  • Passwords
  • Company Policies 
  • Vacation
  • IT Department (in-the-wild)

Here are the ten most clicked-on subject lines globally:

  1. Password Check Required Immediately/Change of Password Required Immediately — 19%
  2. Your Order with Amazon Order Receipt — 16% 
  3. Announcement: Change in Holiday Schedule — 11%
  4. Happy Holidays! Have a drink on us — 10%
  5. Problem with Bank Account — 8%
  6. De-activation of [[email]] in Process — 8% 
  7. Wire Department — 8%
  8. Revised Vacation & Sick Time Policy — 7% 
  9. Last reminder: please respond immediately — 6%
  10. UPS Label Delivery 1ZBE312TNY00015011 — 6% 



KnowBe4 notes that capitalization and spelling appear as they were in the phishing test subject lines. 

Click rates are one measure of success, and another is sheer usage. The following are the most-used in-the-wild subject lines:

  • Apple: You recently requested a password reset for your Apple ID 
  • Employee Satisfaction Survey
  • Sharepoint: You Have Received 2 New Fax Messages
  • Your Support Ticket is Closing
  • Docusign: You’ve received a Document for Signature
  • ZipRecruiter: ZipRecruiter Account Suspended
  • IT System Support
  • Amazon: Your Order Summary 
  • Office 365: Suspicious Activity Report 
  • Squarespace: Account billing failure 

KnowBe4 add that three "in-the-wild subject lines were clicked in three out of four quarters. They included Amazon, Wells Fargo and Microsoft as keywords."

“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. "The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security."

Carpenter adds: "Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click."



Next story loading loading..