Security specialist and simulated phishing platform KnowBe4 has released the results of its Q1 2022 top-clicked phishing report.
“In our latest quarterly phishing report, we found that holiday-themed emails were the most tempting for employees to click on,” says Stu Sjouwerman, CEO of KnowBe4. “HR-related messages such as a change in the schedule for the holidays likely piqued interest from employees to see if they would receive an extra day off or shortened work schedule due to the holidays.
“It is important to remember that cybercriminals utilise various tactics such as preying on people’s emotions when executing their malicious scams,” he adds. “Remaining vigilant and adopting a heightened sense of suspicion around emails that trigger an emotional response can end up preventing a detrimental cybersecurity attack.”
The report highlights the top subjects used in phishing emails, which include:
Global holiday emails:
1. HR: Change in Holiday Schedule
2. Someone special sent you a Valentine’s Day ecard!
3. St. Patrick’s Day: Employee Behaviour/Company Policies
4. Our Valentine’s Day Gift To You
5. Starbucks: Happy Holidays! Have a drink on us.
Top 10 email categories globally:
1. Business
2. Online Services
3. Human Resources
4. IT
5. Coronavirus/Covid-19 Phishing
6. Banking and Finance
7. Phishing for Sensitive Information
8. Mail Notifications
9. Social Networking
10. Current Events
Top phishing email subjects were broken out to compare those in the US with those in Europe, the Middle East and Africa (EMEA). In Q1 2022, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organisation also reviewed “in-the-wild” email subject lines, which come from actual emails that users received and reported to their IT departments as suspicious. The results are below.
Top phishing email subjects:
The US
1. HR: New requirements tracking Covid vaccinations
2. Password Check Required Immediately
3. HR: Vacation Policy Update
4. HR: Important: Dress Code Changes
5. Acknowledge Your Appraisal
EMEA
1. Authorize Pending Transaction on your Wallet
2. HR: Registration for Covid-19 Study
3. IT: End of Year Password Policy
4. HR: Code of Conduct
5. Your Benefit Account Has Been Updated
Common “In-the-Wild” attacks:
• IT: Software Update
• Google Forms: Your Voice Engagement Survey
• Zoom: You missed a Zoom meeting
• Project Notice
• Dropbox: Updates about your account