What are the most attractive phishing lures? Security, package delivery, password expiration/change and company-related notifications, according to simulated test findings from Tampa Bay, Fla., cybersecurity firm KnowBe4.

KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests over the third quarter of 2017 to uncover just what makes a user want to click. A number of financial institutions were among those tested.

The top 10 list, a mix of personal and company notifications, showed that email continues to be an effective way to phish users:

1. Official Data Breach Notification: 14%

2. UPS Label Delivery 1ZBE312TNY00015011: 12%

3. IT Reminder: Your Password Expires in Less Than 24 Hours: 12%

4. Change of Password Required Immediately: 10%

5. Please Read Important from Human Resources: 10%

6. All Employees: Update your Healthcare Info: 10%

7. Revised Vacation & Sick Time Policy: 8%

8. Quick company survey: 8%

9. A Delivery Attempt was made: 8%

10. Email Account Updates: 8%

Mike Rogers, the former chairman of the House Intelligence Committee, spoke last week at the U.S. Chamber of Commerce's cybersecurity summit about phishing attacks as the next big attack vector and their increased potential to dramatically impact an organization's economic loss and liability. He noted that cybercriminals, particularly those with nation-state backing, have created such sophisticated email phishing attacks that it is nearly impossible to defend against malware infections.

Rogers also cited the availability of personal information on social media sites as driving advanced social engineering by cybercriminals, who use the information to create highly personalized phishing schemes. Rogers said sophisticated phishing emails are responsible for more than 90% of successful cyberattacks.

In addition to the top 10 most-clicked general email subject lines, KnowBe4 also evaluated the top 10 global social networking subject lines for Q3 2017. These subject lines represent simulated phishing tests that KnowBe4 clients sent to a user's inbox as if they were coming from a social media site and reflecting some sort of account activity. As in Q2, four of the top 10 spots again went to LinkedIn, which users often have tied to their work email addresses. This, too, plays into the human psyche: people want to connect and manage their reputation on their social networking sites, so they often open and interact with emails from those sites. LinkedIn poses an interesting dilemma for organizations and their employees: it is important to have an updated and active presence on LinkedIn, yet the platform is obviously highly targeted by cybercriminals for social engineering and phishing activities.

“By playing into the human psyche, hackers will successfully continue to infiltrate an organization through a phishing email. The level of sophistication hackers are now using makes it nearly impossible for a piece of technology to keep an organization protected against social engineering threats,” Perry Carpenter, chief evangelist and strategy officer at KnowBe4, said. “Phishing attacks are smart, personalized and timed to match topical news cycles. Businesses have a responsibility to their employees, their shareholders and their clients to prevent phishing schemes. KnowBe4 has a proven track record of helping them do just that.”


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).