Sponsored By

Big Spike in Work-from-Home Phishing Email

We've got the list of the top-clicked phishing email subjects.

Edward Gately

January 20, 2021

3 Min Read

Phishing email attacks related to working from home are rising amid the continuing COVID-19 pandemic, according to KnowBe4 research.

KnowBe4’s Q4 2020 top-clicked phishing report reveals the top 10 general email subjects. It also includes the top 10 in-the-wild email subject lines.

In-the-wild email subject lines represent actual emails that users received and reported to their IT departments as suspicious.

The KnowBe4 research shows work-related email subjects such as corporate policy changes are becoming more popular. That’s because the pandemic continues to keep more people working from home.

Tony Jennings is KnowBe4’s senior vice president of international and global channel sales.


KnowBe4’s Tony Jennings

“One surprising item from the report focuses on the social media click rates where people at work are falling victim to social media inquiries on their work emails,” he said. “Social media, unless for business, should not be mixed between personal and work accounts. If people are getting emails for LinkedIn, Facebook, Twitter to their work accounts, it’s a strong recommendation to shift them to personal accounts. If users still receive social media emails to their work accounts, they can quickly dismiss them, as they are phishing attacks.”

General Email Subjects

According to the KnowBe4 research, the top 10 general email subjects are:

  • Password check required immediately.

  • Touch base on meeting next week.

  • Vacation policy update.

  • COVID-19 remote work policy update.

  • Important: dress code changes.

  • Scheduled server maintenance — no internet access.

  • De-activation of [[email]] in process.

  • Please review the leave law requirements.

  • You have been added to a team in Microsoft Teams.

  • Company policy notification: COVID-19 — test & trace guidelines

Lack of security awareness training is leading employees to fall for these phishing email schemes, Jennings said.

“On average, organizations spend less than 3% of their IT budgets on human training or social awareness training,” he said. “Technology is often an organization’s go-to defense to protect against malicious emails. But the technology systems still allow about 10% of emails through to end users.”

In-the-Wild Email Subjects

When investigating “in-the-wild” email subject lines, KnowBe4 found the most common throughout the fourth quarter were:

  • IT: annual asset inventory.

  • Changes to your health benefits.

  • Twitter: security alert: new or unusual Twitter login.

  • Amazon: action required | your Amazon Prime membership has been declined.

  • Zoom: scheduled meeting error.

  • Google Pay: payment sent.

  • Stimulus cancellation request approved.

  • Microsoft 365: action needed: update the address for your Xbox Game Pass for console subscription.

  • RingCentral is coming!

  • Workday: reminder: important security upgrade required.

“Cybercriminals only need one person to click the link or open the door to enable malware installations,” Jennings said. “This action allows cybercriminals to gain access to networks, data and infrastructure. Once inside the network, cybercriminals will gain access to the ‘keys to the kingdom’ and exfiltrate intellectual property and possibly make the organization’s data unavailable by exploiting them with ransomware. With ransomware, cybercriminals will request a large sum of money to hand over the decryption key in order to get their data back.”

MSSPs can provide the technology resources organizations need to protect themselves, he said. They can do this by implementing multiple layers of depth to protect the various applications and data within an organization.

“Further protection and risk reduction activities such as security awareness training for employees, the human aspect, and phishing assessments, should be implemented,” Jennings said. “These assessments allow the organization’s decision makers to recognize improvement areas and to help strengthen their human firewalls.”

Read more about:


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like