Researchers from KnowBe4 published Top-Clicked phishing topics. If you got emails or messages like these lists, you may consider them as phishing and better recheck with the sender.
Common ‘In-The-Wild’ Emails for Q2 2023:
- HR: Staff Rewards Program
- Someone is trying to send you money
- IT: Important Email Upgrades
- ALERT – Mail Redirect Triggered
- Amazon: Action Needed: Purchase Attempt
- Microsoft 365: [[display_name]], MFA Security Review is Required
- A fax has arrived
- Google: [[manager_name]] invited you to join Google Chat Group
- Metamask Wallet Update
- Chase: Confirm Your Card Possession
Top Phishing Email Subjects Globally
- Possible typo
- HR: Important: Dress Code Changes
- HR: Please update W4 for file\
- Adobe Sign: Your Performance Review
- HR: Vacation Leave Notice: Plan Your Time Off Now!
- HR: Vacation Policy Update
- HR: Your training is past due
- Google: You were mentioned in a document: “Strategic Plan Draft”
- You Have A New Voicemail
- Bad customer review received – Please take action ASAP
Top 5 Attack Vector Types
- Link – Phishing Hyperlink in the Email
- Spoofs Domain – Appears to Come From the User’s Domain
- PDF Attachment – Email Contains a PDF Attachment
- HTML Attachment – Email Contains an HTML Attachment\
- Branded – Phishing Test Link Has User’s Organizational Logo and Name
- Holiday phishing email subjects such as a change in schedule, surveys, and notifications about celebrations are used as bait for unsuspecting users mid-year.
Top 10 Holiday Phishing Email Subjects in Q2 2023
- HR: Change in Holiday Schedule
- HR: Happy 4th of July Message!
- HR: Juneteenth Survey
- HR/July 4th: RSVP for Company BBQ!
- Juneteenth celebration sign-up
*Capitalization and spelling are as they were in the phishing test subject line.
Source: https://blog.knowbe4.com/q2-2023-top-clicked-phishing