Here’s a crash course for copywriters on email subject lines that work. Of course, they are fraudulent spam headlines concocted by security firm KnowBe4 and they would probably land you in the slammer if you tried to use them.
But in the interest of sharing email tactics that work, here are the top ten most-clicked phishing tests:
- Equipment and Software Update
- Mail Notification: You have 5 Encrypted Messages
- Amazon: Amazon – delayed shipping
- Google: Password Expiration Notice
- Action required: Your payment was declined
- Wells Fargo: Transfer Completed
- DocuSign: Please review and sign your document
- IT: IT Satisfaction Survey
- Zoom [[manager_name]] has sent you a message via Zoom Message Portal
- Microsoft: Microsoft account security code
On another front, here are the top subjects for phishing emails that mimic internal emails, and their percentages of the total:
- Google: You were mentioned in a document: “Strategic Plan Draft” — 17%
- HR: Important: Dress Code changes — 15%
- HR: Vacation Policy Update — 14%
- Adobe Sign: Your Performance Review — 11%
- Password Check Required Immediately — 11%
- Acknowledge Your Appraisal — 7%
- IT: Internet Report — 7%
- Main points from today’s meeting — 6%
- USAA: Account Suspension — 6%
- Employee Expense Reimbursement for [[email]] — 6%
In addition, KnowBe4 has identified the top 5 attack vectors with its phishing security tests:
- Link — Phishing Hyperlink in the Email
- Spoofs domain — Appears to come from the User’s Domain
- PDF Attachment — Email Contains a PDF Attachment
- Branded — Phishing Test Link Has User’s Organization Logo and Name
- Credentials Landing Page — Phishing Link Directs User to Data Entry or Login Landing Page