We know better than to click on suspicious-looking emails, right? A recent email security study of the most frequently clicked phishing emails shows otherwise.

KnowBe4, a provider of awareness training on email security best practices, shared its Top 10 Global Phishing Email Subject Lines for Q2 2017. While the results show that users click most frequently on business-related subject lines (“Security Alert” is the highest ranked at 21 percent), they still click with alarming frequency on subject lines that are unrelated to work and show red flags.

The top 10 global most-clicked phishing email subject lines* from phishing testing for Q2 2017 include:

  • Security Alert – 21%
  • Revised Vacation & Sick Time Policy – 14%
  • UPS Label Delivery 1ZBE312TNY00015011 – 10%
  • BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  • A Delivery Attempt was made – 10%
  • All Employees: Update your Healthcare Info – 9%
  • Change of Password Required Immediately – 8%
  • Password Check Required Immediately – 7%
  • Unusual sign-in activity – 6%
  • Urgent Action Required – 6%

*Capitalization is as it was in the phishing test subject line.

Top subject lines from actual attacks provided by KnowBe4 customers include:

  • Direct Deposit of Payment on Your Checking Account
  • Irregular Activity on Your SunTrust Online Account
  • Closing Extension/Final Closing Statement
  • Bank transfer of 75,000 USD
  • Drake: Account Validation
  • Threats of Legal Action About Invoice 72393
  • RFQ Quote the Models
  • PayPal: Your account has been limited
  • Your Order #335816 placed on Friday is paid

These “in the wild” attacks are notable because they use the personal finances of the target as the lure. When you’re not sure whether an email is legitimate, log in to your account and check for any discrepancies. Don’t click on the email.

Ensure that no one in your business transfers funds or shares personal information without seeking confirmation. Creating email security best practices that include a phone call to double-check these transactions could save your company both money and grief.

If you’d like to know more about how CRU Solutions can help with business IT services, including email security, contact us.