The subject line most likely to get an employee’s attention and prompt a click relates to data breaches.
According to KnowBe4’s top 10 global phishing email subject lines for Q3 2017, which examined email subject lines from simulated phishing tests, the most clicked was ‘Official Data Breach Notification’, followed by common tactics such as fake delivery notes and workplace issues, including password expiry advisories, account updates and information claiming to be from HR.
“Phishing attacks are responsible for more than 90% of successful cyber-attacks and the level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats,” said Perry Carpenter, chief evangelist and strategy officer of KnowBe4.
Speaking to Infosecurity, Carpenter said that although companies spend $100,000s on security technology, it only takes one malicious person to get in and cause a breach. He explained that security training remains key, as phishing is often the main cause of data breaches, and that improving behavior can reduce the attack surface.
“We see urgency and fear of a breach as the drivers,” he said. “We have over 1400 templates and a concentration of themes so we know what is highly effective.”
Speaking on data breach notification accounting for 14% of the most clicked subject lines in phishing simulations, Carpenter added that getting a personalized email will capture the recipient’s interest and that, with the amount of reported data breaches, users will be expecting such emails.
“Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes.”