Phishing is still a key tool for cyber criminals as they seek to insert malware onto machines and to get hold of personal details.
Although most people are aware of the threat there are still some subject lines that are much more likely to deliver results for the phishermen than others, according to security awareness training specialist KnowBe4, which has released its Top 10 Global Phishing Email Subject Lines report for the third quarter of 2017.
The company looked at tens of thousands of email subject lines used in simulated phishing tests to uncover just what makes a user want to click. The top 10 most successful subjects are as follows:
1 Official Data Breach Notification -- 14 percent
2 UPS Label Delivery 1ZBE312TNY00015011 -- 12 percent
3 IT Reminder: Your Password Expires in Less Than 24 Hours -- 12 percent
4 Change of Password Required Immediately -- 10 percent
5 Please Read Important from Human Resources -- 10 percent
6 All Employees: Update your Healthcare Info -- 10 percent
7 Revised Vacation & Sick Time Policy -- 8 percent
8 Quick company survey -- 8 percent
9 A Delivery Attempt was made -- 8 percent
10 Email Account Updates -- 8 percent
KnowBe4 also examined how users responded to messages that appeared to come from social networks. The most successful messages here are those appearing to come from LinkedIn, which many people have linked to their work addresses.
"By playing into the human psyche, hackers will successfully continue to infiltrate an organization through a phishing email. The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats," says Perry Carpenter, chief evangelist and strategy officer at KnowBe4. "Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes. KnowBe4 has a proven track record of helping them do just that."