Javvad Mailk, Security Awareness Advocate of KnowBe4, gives his insight on phishing attempts over the last quarter
Humans are curious. They also want to inherently “fix” things”. And they’re social beings. These are all traits that cyber attackers prey on – it’s what makes phishing so successful. Every quarter, we look to analyse what types of phishing attacks (simulated and in the wild) are the most clicked, so it gives organisations intelligence that they can use to improve security awareness within their businesses.
This last quarter showed us that, hey, this education does not fall on deaf ears – since those duped by COVID themed phishing emails actually decreased from previous quarters. This is a great sign; however, we also saw an increase in emails purporting to be from HR or even security-related notifications.
What this tells us is that the bad guys are unrelenting and always coming up with new ways to trick humans into clicking their links or downloading files. One only needs to look back a few weeks to see how much devastation ransomware has caused, particularly on critical infrastructure and services. And its route into the organisation? Phishing.
So, what are the most successful phishing attempts? LinkedIn phishing messages have dominated the social media category for the last three years. Users may perceive these emails as legitimate since LinkedIn is a professional network, which could pose significant problems because many LinkedIn users have their accounts tied to their corporate email addresses. Top-clicked subjects in this category also include Facebook and Twitter notifications, message alerts and login alerts.
The Top 10 Most-Clicked General Email Subject Lines Globally for the past quarter Include:
- Password Check Required Immediately
- Revised Vacation & Sick Time Policy
- COVID-19 Remote Work Policy Update
- COVID-19 Vaccine Interest Survey
- Important: Dress Code Changes
- Scheduled Server Maintenance — No Internet Access
- De-activation of [[email]] in Process
- Test of the [[company_name]] Emergency Notification System
- Scanned image from MX2310U@[[domain]]
- Recent Activity Report
Most Common ‘In-The-Wild’ Emails for the quarter Included:
- Microsoft 365: Scheduled Server Backup
- IT: IT-Help Ticket Survey Invitation
- Warning: Your E-mail account has just sent 260 E-Mails
- Amazon Prime: Action required – Card on file has been declined
- License Update
- Google: Take action to secure your compromised passwords
- Apple: Prize winner! We need your confirmation
- Zoom: You missed a Zoom meeting
- HR: Your payroll details needs updating
- Facebook: Important message regarding your Facebook profile
Studies such as this are important resources for organisations because they can use results to inform employees. In fact, other more general schemes like the NCSC’s suspicious email reporting service are vital to raise awareness. In the first two months of launching this tool, the NCSC received over a million reports of suspicious emails.
It goes to show that people can play an important role in identifying and reporting fraud and phishing emails and organisations should make it easy for employees and customers to report any suspicious activity. When employees feel involved as part of the solution, they are more likely to take security seriously and be vigilant with their emails.