Hand Cursor clicking an unopened email

10 most-clicked phishing email subject lines

A recent study looks at what are the most-clicked email subject headers used by social engineers.

For many years, hackers have used phishing emails as their primary attack vector. This is because they remain a highly efficient method of getting past the final layer of security in both personal and business mail environments, the user.

They are in fact such a popular tool for attacking business email systems that over 90% of successful data breaches begin with type of phishing attack, predominantly spear phishing.

However, internet users are getting wiser to the types of emails hackers use to get past their technical and psychological defences. No longer do emails from wealthy princes/doctors/astronauts quite cut it. (See below for an all time favourite).

This means that malicious actors have to step up their game and think longer and harder about how to word the perfect headline.

The average user’s attention span for non-business related information sits at just over 2 seconds before we scroll, swipe, like, dislike or simply disregard new digital information, and that applies to emails too. Hackers know this well, and it is reflected in a recent study by Knowbe4 regarding the most-clicked email headings as used by phishers today.

The top 10 most-clicked general email subjects

The list below is compiled from thousands of simulated phishing campaigns, based on either pre-made templates, or those designed by end-users.

  1. Change of Password Required Immediately 26%
  2. Microsoft/Office 365: De-activation of Email in Process 14%
  3. Password Check Required Immediately 13%
  4. HR: Employees Raises 8%
  5. Dropbox: Document Shared With You 8%
  6. IT: Scheduled Server Maintenance – No Internet Access 7%
  7. Office 365: Change Your Password Immediately 6%
  8. Avertissement des RH au sujet de l’usage des ordinateurs personnels 6%
  9. Airbnb: New device login 6%
  10. Slack: Password Reset for Account 6%

Also, throughout Q4 2019, a list of the most common ‘in-the-wild’ emails has been created. These email subjects have been reported to IT departments by recipients and are listed in order of most-reported:

  • SharePoint: Approaching SharePoint Site Storage Limit
  • Microsoft: Anderson Hauck has shared a Whiteboard with you
  • Office 365: Medium-severity alert: Unusual volume of file deletion
  • FedEx: Correct address needed for your package delivery on [[current_date_0]]
  • USPS: Your digital receipt is ready
  • Twitter: Your Twitter account has been locked
  • Google: Please Complete the Required Steps
  • Cash App: Your Account Has Been Closed
  • Coinbase: Important Please Resolve Error Now
  • Would you mind taking a look at this invoice?

The simplistic yet sophisticated approach of almost all the emails above shows the evolution of hackers in the modern age. To stay afloat and avoid becoming victims, users must learn to spot phishing emails.

Security Awareness Training and simulated phishing campaigns are the most cost-effective and efficient method to educate your users in spotting phishing emails.

Want to know how many of your users will click a phishing email? We created a tool to show you just that! Check out our Free Click-Prone® Test and learn (in a safe environment) how many of your users require more training.

Recent posts