Phishing artists are using holiday-related subject lines to get victims to open their emails, according to KnowBe4’s Q1 2022 global phishing report
For instance, employees are
likely to be snookered in by these lines:
- HR: Change in Holiday Schedule
- Someone special sent you a Valentine’s Day ecard!
- St. Patrick’s Day: Employee Behavior/Company Policies
- Our Valentine’s Day Gift To You
- Starbucks: Happy Holidays! Have a drink on
us.
HR-related subject lines also lure people in:
- HR: New requirements tracking Covid vaccinations
- Password Check Required
Immediately
- HR: Vacation Policy Update
- HR: Important: Dress Code Changes
- Acknowledge Your Appraisal
On a
regional level, the most popular phishing subject lines in EMEA are:
- Authorize Pending Transaction on your Wallet
- HR: Registration for COVID-19
Study
- IT: End of Year Password Policy
- HR: Code of Conduct
- Your Benefit Account Has Been Updated
Globally,
the top ten phishing categories are:
- Business
- Online Services
- Human Resources
- IT
- Coronavirus/COVID-19 Phishing
- Banking and Finance
- Phishing for Sensitive Information
- Mail Notifications
- Social Networking
- Current Events
KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests.
In
addition, the company analyzed in-the-wild subject lines that recipients reported as suspicious to their IT departments.
Popular in-the-wild include:
- IT:
Software Update
- Google Forms: Your Voice Engagement Survey
- Zoom: You missed a Zoom meeting
- Project Notice
- Dropbox: Updates about your account
Ray, I think there is another category that is even worse. These are the affiliate ads. For example I received 4 of the same home improvement within 15 minutes of each other but are sent by 4 different foreign domains addresses. In a recent post, Google didn't even mention to view the senders email address and domain as one of the most important security actions a person should take. Second is to view the senders domain against the ad. In short, I never trust a affiliate ad.