The Best Phishing Email Subject Lines

Phishing artists are using holiday-related subject lines to get victims to open their emails, according to KnowBe4’s Q1 2022 global phishing report.

For instance, employees are likely to be snookered by these lines:

  • HR: Change in Holiday Schedule
  • Someone special sent you a Valentine’s Day ecard!
  • St. Patrick’s Day: Employee Behavior/Company Policies
  • Our Valentine’s Day Gift To You
  • Starbucks: Happy Holidays! Have a drink on us.

HR-related subject lines also lure people in: 

  • HR: New requirements tracking Covid vaccinations
  • Password Check Required Immediately
  • HR: Vacation Policy Update
  • HR: Important: Dress Code Changes
  • Acknowledge Your Appraisal

On a regional level, the most popular phishing subject lines in EMEA are:

  • Authorize Pending Transaction on your Wallet
  • HR: Registration for COVID-19 Study
  • IT: End of Year Password Policy
  • HR: Code of Conduct
  • Your Benefit Account Has Been Updated



Globally, the top ten phishing categories are:

  1. Business
  2. Online Services
  3. Human Resources
  4. IT
  5. Coronavirus/COVID-19 Phishing
  6. Banking and Finance
  7. Phishing for Sensitive Information
  8. Mail Notifications
  9. Social Networking
  10. Current Events

KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. 

In addition, the company analyzed in-the-wild subject lines that recipients reported as suspicious to their IT departments.

Popular in-the-wild subject lines include:

  • IT: Software Update
  • Google Forms: Your Voice Engagement Survey
  • Zoom: You missed a Zoom meeting
  • Project Notice
  • Dropbox: Updates about your account


1 comment about "The Best Phishing Email Subject Lines".
  1. Craig Mcdaniel from Sweepstakes Today LLC, April 15, 2022 at 12:05 a.m.

    Ray, I think there is another category that is even worse. These are the affiliate ads. For example, I received 4 of the same home improvement within 15 minutes of each other but are sent by 4 different foreign domain addresses. In a recent post, Google didn't even mention to view the sender's email address and domain as one of the most important security actions a person should take. Second is to view the sender's domain against the ad. In short, I never trust an affiliate ad.
