Email Subject Lines That Deceive

Want to scam people? Or, instal some malware?

In Q4 2019, KnowBe4 analysed tens of thousands of email subject lines from simulated phishing tests along with ‘in-the-wild’ subject lines from actual emails that people received and reported to their IT departments as suspicious.

Here are the top 10 general topics used in deceptive subject lines :

• Change of Password Required Immediately – 26%
• Microsoft/Office 365: De-activation of Email in Process – 14%
• Password Check Required Immediately – 13%
• HR: Employees Raises – 8%
• Dropbox: Document Shared With You – 8%
• IT: Scheduled Server Maintenance – No Internet Access – 7%
• Office 365: Change Your Password Immediately – 6%
• Avertissement des RH au sujet de l’usage des ordinateurs personnels – 6%
• Airbnb: New device login – 6%
• Slack: Password Reset for Account – 6%

When examining ‘in-the-wild’ email subject lines, the company found that the most common ones are:

• SharePoint: Approaching SharePoint Site Storage Limit
• Microsoft: Anderson Hauck has shared a Whiteboard with you
• Office 365: Medium-severity alert: Unusual volume of file deletion 
• FedEx: Correct address needed for your package delivery on [[current_date_0]]
• USPS: Your digital receipt is ready 
• Twitter: Your Twitter account has been locked
• Google: Please Complete the Required Steps
• Cash App: Your Account Has Been Closed
• Coinbase: Important Please Resolve Error Now
• Would you mind taking a look at this invoice?

Moreover, KnowBe4 also reports that 39% of users have been falling for simulated phishing tests saying a password should be checked immediately.

The most-clicked social media deceptive subject lines referenced LinkedIn (55%) and Facebook (28%).

Email users should be “especially cautious if an email seems too good to be true, such as a giveaway,” states Stu Sjouwerman, CEO of KnowBe4.