Editorial & Advertiser disclosure

Global Banking & Finance Review® is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Home > Business > KNOWBE4 RELEASES QUARTERLY TOP-CLICKED PHISHING REPORT FOR Q2 2017

KNOWBE4 RELEASES QUARTERLY TOP-CLICKED PHISHING REPORT FOR Q2 2017

Published by Gbaf News

Posted on July 20, 2017

6 min read

Last updated: January 21, 2026

Moldovan leader discusses gas crisis in Transdniestria region - Global Banking & Finance Review — Image depicting the urgent gas supply crisis in Moldova's Transdniestria region, highlighting the call for assistance from the central government amid rising humanitarian concerns.

Results Show Human Error Continues to Be an Organisation’s Weakest Link

KnowBe4, the provider of the world’s most popular security awareness training and simulated phishing platform,today shared its Top 10 Global Phishing Email Subject Lines for Q2 2017. While the results show that users click most frequently on business-related subject lines (“Security Alert” is the highest ranked at 21 per cent), they still click with alarming frequency on subject lines not related to work topics and showing red flags.

According to Osterman Research, email has been the number one network infection vector since 2014. It’s an effective method because it gives attackers more control than merely placing traps on the web and hoping that people will stumble over them. Instead, attackers craft and distribute enticing material to both random and targeted means. This method gives the cybercriminals greater control in selecting potential victims, leveraging multiple psychological triggers and engaging in what amounts to a continuous maturity cycle.

The Top 10 Global Most-Clicked Global Phishing Email Subject Lines for Q2 2017 include:

Security Alert – 21%
Revised Vacation & Sick Time Policy – 14%
UPS Label Delivery 1ZBE312TNY00015011 – 10%
BREAKING: United Airlines Passenger Dies from Brain Haemorrhage – VIDEO – 10%
A Delivery Attempt was made – 10%
All Employees: Update your Healthcare Info – 9%
Change of Password Required Immediately – 8%
Password Check Required Immediately – 7%
Unusual sign-in activity – 6%
Urgent Action Required – 6%

*Capitalisation is as it was in the phishing test subject line

“The subject lines we are reporting here actually made it through all the corporate filters and into the inbox of an employee. That’s astounding. We are in a security arms race, and a multi-layered defence is critical because each layer has different points of effectiveness and ineffectiveness,” said Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4. “If crafted correctly, the right type of message can sail through all of the defences because it is finding the least effective point of each and playing into the human psyche of wanting to receive something you didn’t know about or needing to intervene before something is taken away. Ultimately this means that a company’s ‘human firewall’ is an essential element of organisational security because people truly are the last line of defence.”

Businesses have to also be aware that social media messages to their users are potential landmines to their corporate networks. KnowBe4 evaluated the Top 10 Global Social Networking Subject Lines and found that four of the top 10 spots equaling a full 44 per cent were related to LinkedIn messages, which users often have tied to their work email addresses.

As part of its ongoing research efforts, In October 2016 KnowBe4 evaluated more than 10,000 email servers and found that 82 per cent of them were misconfigured, allowing spoofed emails to successfully bypass endpoint security systems and enter an organisation’s network. Aggregating information on the most clicked phishing test subject lines and sharing that data with clients is another way that KnowBe4 is helping protect against social engineering tactics that continue to plague businesses around the globe, resulting in growing ransomware, CEO fraud and other phishing-initiated attacks.

Businesses that are not already working with KnowBe4 to effectively train their workforce into a “human firewall” can utilise a number of free tools at www.knowbe4.com to test their users and their network.

Results Show Human Error Continues to Be an Organisation’s Weakest Link

KnowBe4, the provider of the world’s most popular security awareness training and simulated phishing platform,today shared its Top 10 Global Phishing Email Subject Lines for Q2 2017. While the results show that users click most frequently on business-related subject lines (“Security Alert” is the highest ranked at 21 per cent), they still click with alarming frequency on subject lines not related to work topics and showing red flags.

According to Osterman Research, email has been the number one network infection vector since 2014. It’s an effective method because it gives attackers more control than merely placing traps on the web and hoping that people will stumble over them. Instead, attackers craft and distribute enticing material to both random and targeted means. This method gives the cybercriminals greater control in selecting potential victims, leveraging multiple psychological triggers and engaging in what amounts to a continuous maturity cycle.

The Top 10 Global Most-Clicked Global Phishing Email Subject Lines for Q2 2017 include:

Security Alert – 21%
Revised Vacation & Sick Time Policy – 14%
UPS Label Delivery 1ZBE312TNY00015011 – 10%
BREAKING: United Airlines Passenger Dies from Brain Haemorrhage – VIDEO – 10%
A Delivery Attempt was made – 10%
All Employees: Update your Healthcare Info – 9%
Change of Password Required Immediately – 8%
Password Check Required Immediately – 7%
Unusual sign-in activity – 6%
Urgent Action Required – 6%

*Capitalisation is as it was in the phishing test subject line

“The subject lines we are reporting here actually made it through all the corporate filters and into the inbox of an employee. That’s astounding. We are in a security arms race, and a multi-layered defence is critical because each layer has different points of effectiveness and ineffectiveness,” said Perry Carpenter, Chief Evangelist and Strategy Officer at KnowBe4. “If crafted correctly, the right type of message can sail through all of the defences because it is finding the least effective point of each and playing into the human psyche of wanting to receive something you didn’t know about or needing to intervene before something is taken away. Ultimately this means that a company’s ‘human firewall’ is an essential element of organisational security because people truly are the last line of defence.”

Businesses have to also be aware that social media messages to their users are potential landmines to their corporate networks. KnowBe4 evaluated the Top 10 Global Social Networking Subject Lines and found that four of the top 10 spots equaling a full 44 per cent were related to LinkedIn messages, which users often have tied to their work email addresses.

As part of its ongoing research efforts, In October 2016 KnowBe4 evaluated more than 10,000 email servers and found that 82 per cent of them were misconfigured, allowing spoofed emails to successfully bypass endpoint security systems and enter an organisation’s network. Aggregating information on the most clicked phishing test subject lines and sharing that data with clients is another way that KnowBe4 is helping protect against social engineering tactics that continue to plague businesses around the globe, resulting in growing ransomware, CEO fraud and other phishing-initiated attacks.

Businesses that are not already working with KnowBe4 to effectively train their workforce into a “human firewall” can utilise a number of free tools at www.knowbe4.com to test their users and their network.