Phishing is widespread around the world, but people in different regions respond to different triggers.

This is one of the findings from KnowBe4’s Q4 2021 top-clicked phishing report.

“When comparing the results from the US phishing emails to those in Europe, the Middle East and Africa (EMEA), email subjects in the US appear to originate from the users’ organisations and are focused on security alerts related to passwords and internal company policy changes,” says Stu Sjouwerman, CEO of KnowBe4.

“However, in EMEA, the top subjects are related to users’ everyday tasks and the subject lines appear to be more personalised to entice the user to click.

“As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular,” he adds.

“Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organisation.”

The top 10 email categories globally were:

* Business

* Online Services

* Human Resources

* IT

* Banking and Finance

* Coronavirus/Covid-19 Phishing

* Mail Notifications

* Holiday

* Phishing for Sensitive Information

* Social Networking

Top phishing email subjects were also broken out, comparing those in the US to those in EMEA. In Q4 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious.

The top phishing email subjects in the US were:

* Password Check Required Immediately

* Important: Dress Code Changes

* Vacation Policy Update

* Important Social Media Policy Change

* Employee Discounts on Amazon for your Holiday Shopping

The top phishing email subjects in EMEA were:

* Accept Invitation – Staff Meeting via Teams

* Employee Portal – Timecard Not Submitted

* Enclosed attachment for your review

* Immediate password verification required

* [[company_name]] Invoice

Common “in-the-wild” email subject lines were:

* IT: Cloud Enrollment

* Special Project Information

* You Have Some New Messages

* Teams Events

* Microsoft: Private Shared Document Received