Phishing emails in Q421 focused on everyday tasks - research

2022-01-26

Phishing emails in the last quarter of 2021 were primarily focused on users' everyday tasks, new research has found.

The information was revealed in KnowBe4's Q4 2021 top-clicked phishing report, which the company released this week.

KnowBe4 is a provider of a security awareness training and simulated phishing platform.

“When comparing the results from the United States phishing emails to those in the rest of the world, email subjects in the United States appear to originate from the users’ organisations and are focused on security alerts related to passwords and internal company policy changes,” says Stu Sjouwerman, chief executive officer at KnowBe4.

“However, in the rest of the world, the top subjects are related to users’ everyday tasks and the subject lines appear to be more personalised to entice the user to click,” he says.

“As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organisation.”

According to the report, the top 10 email categories globally are:

Business

Online Services

Human Resources

IT

Banking and Finance

Coronavirus/COVID-19 Phishing

Mail Notifications

Holiday

Phishing for Sensitive Information

Social Networking

Top phishing email subjects were also broken out, comparing those in the United States to those in the rest of the world. In the fourth quarter of 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious.

The results are below.

Top phishing email subjects, according to the Q4 2021 top-clicked phishing report:

Rest of the World:

Accept Invitation - Staff Meeting via Teams

Employee Portal - Timecard Not Submitted

Enclosed attachment for your review

Immediate password verification required

[[company_name]] Invoice

The United States:

Password Check Required Immediately

Important: Dress Code Changes

Vacation Policy Update

Important Social Media Policy Change

Employee Discounts on Amazon for your Holiday Shopping

Common “In-the-Wild” attacks, according to the report, were:

IT: Cloud Enrolment

Special Project Information

You Have Some New Messages

Teams Events

Microsoft: Private Shared Document Received

The KnowBe4 platform is used by more than 44,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security.

Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's chief hacking officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defense.