Password-related phishing emails catch users hook, line and sinker


Thursday, 16 January, 2020


‘Urgent’ phishing emails pushing users to check their passwords attracted the most clicks in quarter four (Q4) 2019, according to a recent study.

The study, conducted by US cybersecurity firm KnowBe4, sought to determine which subject lines would draw the most clicks in their simulated phishing tests for Q4 2019. The company examined tens of thousands of simulated email subject lines during the study and also reviewed real-world subject lines that email users had received and reported to their IT departments as suspicious, KnowBe4 said.

According to the study, 39% of users fell for messages urging them to check their passwords. It follows similar results in quarters two and three, with password checking-related messages snaring 35% and 43% of users respectively, according to KnowBe4.  

“Social media messages are another area of concern when it comes to phishing”, KnowBe4 said. Of social media-related email subjects, people were most likely to click LinkedIn and Facebook messages.

“With more end users becoming security-minded, it’s easy to see how they fall for phishing scams related to changing or checking their passwords,” KnowBe4 CEO Stu Sjouwerman said. 

“They should be especially cautious if an email seems too good to be true, such as a giveaway. As identifying phishing attacks from legitimate emails becomes trickier, it’s more important than ever for end users to look for the red flags and think before they click.”

The top-clicked simulated general email subjects included “Change of Password Required Immediately”, “Microsoft/Office 365: Deactivation of Email in Process”, “Password Check Required Immediately”, “HR: Employees Raises”, “Dropbox: Document Shared With You”, “IT: Scheduled Server Maintenance – No Internet Access” and “Office 365: Change Your Password Immediately”, KnowBe4 reported.

“SharePoint: Approaching SharePoint Site Storage Limit”, “Microsoft: Anderson Hauck has shared a Whiteboard with you”, “Office365: Medium-severity alert: Unusual volume of file deletion”, “FedEx: Correct address needed for your package delivery on [[current_date_0]]” and “USPS: Your digital receipt is ready” were among the most common real-world subject lines seen in Q4 2019. Others included “Twitter: Your Twitter account has been locked”, “Google: Please Complete the Required Steps”, “Cash App: Your Account Has Been Closed”, “Coinbase: Important Please Resolve Error Now” and “Would you mind taking a look at this invoice”, KnowBe4 warned.

Subject lines’ capitalisation and spelling mirror what was seen in the simulated and real-world phishing tests, the company added.

