Phishing emails that attempt to victimize people working at home are on the rise, judging by the Q4 2020 phishing report from security training firm KnowBe4.
Messages that focus on social media are the biggest category, and LinkedIn-related phishing messages account for 47% of those.
In an analysis of test subject lines, KnowBe4 lists these as the most popular:
- Password Check Required Immediately
- Touch base on meeting next week
- Vacation Policy Update
- COVID-19 Remote Work Policy Update
- Important: Dress Code Changes
- Scheduled Server Maintenance -- No Internet Access
- De-activation of [[email]] in process
- Please review the leave law requirements
- You have been added to a team in Microsoft Teams
- Company Policy Notification: COVID-19 - Test & Trace Guidelines.
The company notes that email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients and custom tests designed by KnowBe4 customers.
Among “in-the-wild” subject lines, the most common included:
- IT: Annual Asset Inventory
- Changes to your health benefits
- Twitter: Security alert: new or unusual Twitter login
- Amazon: Action Required | Your Amazon Prime Membership has been declined
- Zoom: Scheduled Meeting Error
- Google Pay: Payment sent
- Stimulus Cancellation Request Approved
- Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
- RingCentral is coming!
- Workday: Reminder: Important Security Upgrade Required
"It's no surprise that phishing attacks related to working from home are increasing given that many countries around the world have seen their employees working from home offices for nearly a year now," states Stu Sjouwerman, CEO, KnowBe4.
Sjouwerman adds, "Just because employees may be more used to their home office environment doesn't mean that they can let their guard down."