Phishing Business-Related Messages Still Most Successful

phishing messages

Written by Jackie Bilodeau

I am the Communications Director for CGNET, having returned to CGNET in 2018 after a 10-year stint in the 1990's. I enjoy hiking, music, dance, photography, writing and travel. Read more about my work at CGNET here.

November 3, 2022

Back in April I gave you the results of a quarterly study by KnowBe4 that looks into which phishing subject lines staff are most vulnerable to. They looked at both simulated phishing messages sent as part of their security awareness training, and real world “in the wild” phishing messages reported to them by users. They just released the results of their 3rd quarter study and found that employees are still most vulnerable to messages with internal business-related subject lines.

The most clicked-on subject lines from global phishing tests

Messages with subject lines related to internal business – particularly those that look like they’re coming from HR – continue to have success. This is because they appear to be something that could affect a user’s actual workload and routine. Often, these messages also convey a sense of urgency, a common ploy used by hackers to get the user to act quickly, without thinking. Here are the top 5 subject lines that users clicked on:

  1. From Google: You were mentioned in a document: “Strategic Plan Draft”
  2. From HR: Dress Code Changes
  3. From HR: Vacation Policy Update
  4. From Adobe Sign: Your Performance Review
  5. Password Check Required Immediately

The most reported subject lines found “in the wild”

KnowBe4 also tallied up the actual (not simulated) phishing messages reported to them via their “Phishing Alert” button by users:

  1. Equipment and Software Update
  2. Mail Notification; You have 5 Encrypted Messages
  3. Amazon: Amazon – delayed shipping
  4. Google: Password Expiration Notice
  5. Action required: Your payment was declined

Top 5 attack vectors

Attack vectors are the techniques used by the sender to try to engage and ensnare users. These were the top methods used in the phishing messages reported to KnowBe4:

  1. Click here: There is a phishing hyperlink in the body of the message
  2. Domain spoofing: The message appears to come from the user’s domain
  3. Open this attachment: The message includes a PDF attachment
  4. Branding: The user’s organizational logo and name are in the message
  5. Credentials landing page: A link in the message takes the user to a new landing page where they are asked to log in or enter some other data.


You can see/download the full infographic here.

You May Also Like…

You May Also Like…


Submit a Comment

Your email address will not be published. Required fields are marked *

Translate »
Share This