KnowBe4 report reveals the most popular phishing email tactics used

Stu Sjouwerman, Chief Executive Officer at KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, recently announced the results of its 2022 and Q4 2022 top-clicked phishing report. The results of the report include the top email subjects clicked in phishing tests online, top attack vector types, holiday phishing email subjects and more insightful information that reveals the most popular phishing email tactics used by cybercriminals.

What were the main findings of the report?

Phishing emails continue to be one of the most common and effective methods to maliciously impact a variety of organisations around the world – everyone is a potential victim. Cybercriminals constantly refine their strategies to outsmart end users and organisations by changing phishing email subjects to be more believable and attention-grabbing. This shift in phishing tactics is evident in the trend of cybercriminals using business-related email subjects.

These phishing emails are successful because they have the potential to seriously affect a user’s workday and routine. They include emails from HR, IT, managers and web services such as Google and Amazon. KnowBe4’s 2022 phishing test results reveal that nearly 50% of emails were HR related, while the other half were related to career development, IT and work notifications.

These types of phishing emails bait recipients into opening them and are most likely lucrative and successful because they create a sense of urgency in users to act and respond quickly, sometimes without thinking and taking the time to question the legitimacy of the email.

Additionally, this year’s phishing tests revealed the top vector for the year to be phishing links in the body of an email, which has stayed consistent for the last three consecutive annual quarters. The combination of these phishing tactics is clearly a viable working strategy for cybercriminals but evidently detrimental to users and organisations, as it can lead to cyber attacks and fraud such as theft, business email compromise and ransomware.

Along with an increased utilisation of more business-related emails and links within emails, the Q4 2022 phishing test also shares the top holiday phishing email subjects. The holiday season is one of the busiest times of the year for online activities and cybercriminals count on end users having their guard down when it comes to staying alert and spotting phishing emails.

What is the difference with holiday phishing subjects?

Like general phishing email subjects, holiday phishing subjects consist of emails from mainly HR and IT; however, they are also tailored to the holiday season and the festivities that typically happen during that time of the year by mentioning holiday parties, gifts, food etc.

“Cybercriminals are smart and pay attention to what works and what doesn’t when it comes to effective phishing emails,” said Stu Sjouwerman, CEO, KnowBe4. “This is why we see email subjects evolve and upgrade over time to keep up with end users and what they may be susceptible to. They are a year-round threat and remain a challenge during the holiday season as well – holiday phishing emails are the one gift that no one wants to receive in their inbox.”

“KnowBe4’s report findings emphasise the importance of new-school security awareness training that educates internet users on the latest and most common cyber attacks and threats. A strong security culture and an educated workforce is an organisation’s best defense to remain vigilant and stay safe online from cybercriminals and their attempted threats.”

