Jump to content
  • These phishing email subjects get the most clicks


    Karlston

    • 540 views
    • 3 minutes
     Share


    • 540 views
    • 3 minutes

    It is nearly impossible to block all phishing emails before they land in user inboxes; this is true for home users and company employees alike. While the bulk is filtered out, some emails manage to bypass filters to land in the user's inbox.

     

    phishing-email-german.png

     

    Users exposed to phishing emails react differently, and one deciding factor is the subject line of the email according to research published by Kaspersky.

     

    While it is nearly impossible to run scientific tests in real world environments, phishing simulators come close to the real deal. Security companies and organizations may use phishing simulators in employee trainings.

     

    According to data from Kaspersky's Security Awareness Platform , subject lines that appear to be work or user related get the most clicks. System administrators may use Kaspersky's platform to mimic phishing emails, track results and use the data to raise awareness among employees. Kasperksy's study included results from over 29,500 employees from 100 countries.

     

    Nearly one in five employees clicked on links in the the most effective fake phishing email: 18.5% of employees fell for the email with the subject "Failed delivery attempt – Unfortunately, our courier was unable to deliver your item".

     

    The following table lists the phishing emails with the highest clickthrough ratios.

     

    Subject Sender Clickthrough
    Failed delivery attempt -- Unfortunately, our courier was unable to deliver your item Mail delivery service 18.5%
    Emails not delivered due to overloaded mail servers The Google support team 18%
    Online employee survey: What would you improve about working at the company HR Department 18%
    Reminder: New company-wide dress code Human Resources 17.5%
    Attention all employees: new building evacuation plan Safety Department 16%

     

    Kaspersky notes that other subjects, including booking reservation confirmations, order placement confirmations, or IKEA contest announcements, have high clickthrough ratios as well.

     

    Emails that contain threats or "instant benefits" had lower clickthrough ratings according to Kaspersky. Emails that claimed to have hacked a user's computer and know the search history had a 2% clickthrough rating, while free Netflix offers and $1000 tricked only 1% of employees.

     

    The difference may be partially explained by the work context in which the phishing simulation was carried out in. A Netflix offer may have more appeal to home users than employees. Similarly, threats that a computer has been hacked may weight more when it is a personal computer.

     

    Kaspersky recommends that organizations intensify employee training to raise phishing email awareness. The teaching of basic phishing email signs, such as inconsistent sender addresses, suspicious links or dramatic subject lines, may weed out a good percentage of emails.

     

    Well crafted phishing emails make it difficult to determine whether they are legitimate or not. Employees should contact the IT department when in doubt before opening the email or reacting to it.

     

    Closing Words

     

    It does not take a rocket scientist to come to conclude that phishing emails that users can relate to work best, but the click through numbers sound awfully high for this day and age. Phishing may lead to all sorts of issues, from planting malware in a company network to stealing authentication information and ransomware.

     

    Now You: have you encountered phishing emails recently? How do you verify that emails are legit?

     

     

     

    These phishing email subjects get the most clicks


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...