Phishing emails that mention holidays are most likely to entice employees to click, according to security awareness training company KnowBe4.
The Q1 2022 top-clicked phishing report finds successful subjects globally include: ‘HR: Change in Holiday Schedule’, ‘St. Patrick’s Day: Employee Behavior/Company Policies’, and ‘Starbucks: Happy Holidays! Have a drink on us’.
“In our latest quarterly phishing report, we found that holiday-themed emails were the most tempting for employees to click on,” says Stu Sjouwerman, CEO of KnowBe4. “HR-related messages such as a change in the schedule for the holidays likely piqued interest from employees to see if they would receive an extra day off or shortened work schedule due to the holidays. It is important to remember that cybercriminals utilize various tactics such as preying on people’s emotions when executing their malicious scams. Remaining vigilant and adopting a heightened sense of suspicion around emails that trigger an emotional response can end up preventing a detrimental cybersecurity attack.”
Other top subjects reported in phishing tests in the US relate to COVID and vaccination policies, dress codes, password checks and appraisals. In the EMEA region, COVID and passwords are also popular, but so are subjects relating to wallet transactions and suspended accounts.
Common in-the-wild email subject lines — representing actual emails users received and reported to their IT departments as suspicious — include: ‘IT: Software Update’, ‘Google Forms: Your Voice Engagement Survey’, ‘Zoom: You missed a Zoom meeting’, ‘Project Notice’ and ‘Dropbox: Updates about your account’.
You can find more information about phishing attacks and how to protect yourself and your business on the KnowBe4 site.