Is phishing still a thing? KnowBe4, a security training company, released details on the top clicked phishing email subjects of the fourth quarter of 2018; in other words: the subject lines that get unsuspecting users to interact with phishing emails the most.
The data comes from two sources: simulated phishing emails used by KnowBe4 customers and Phish Alert Button interactions.
Phishing is quite the problem on today's Internet. While additional security features such as two-factor authentication may block some attacks dead in their track, it all comes down to users in the end.
Attackers invent new ways to trick users. In 2017, they used Punycode domains to make domain names look like the real deal, or Google phishing emails that gave the attacker access to emails and contacts.
The following email subjects top the list:
Several of these subjects are Holiday themed; these will change in the coming quarters. Common themes include shipping and delivery emails, security related emails, company policy emails, and seasonal emails.
Passwords and security, as well as email subjects that demand action or are of concern to the user, are commonly used in phishing emails.
The company tracks social media email subjects separately.
The top list looks like this:
It is surprising that LinkedIn tops the list and not Facebook. Several security related messages are in the top ten, but most social media email subjects used to phish data focuses on interaction on the service.
Phishing attacks have evolved over the years; it is no longer enough to push millions of emails with phishing links to users. Attackers create emails that spark user interest or concern, and put effort in creating email subjects that catch a user's attention as these determine whether a user opens the email to read the body content (and interact with it) or not.
Most phishing attacks would fall short if users would never click on links in emails.
Now You: What is your take on phishing in 2018? Still as much a threat as in 2010?Advertisement
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.