KnowBe4 Releases Q4 2018 Top-Clicked Phishing Subject Lines

January 2, 2019


KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, reports on the top 10 most-clicked phishing subject lines. These subject lines could be part of a simulated phishing test sent to KnowBe4 users, or ‘in-the-wild’ emails that KnowBe4 users received and reported to their IT department as possible phishes. In reviewing the Q4 2018 most clicked subject lines, trends were easily identified; five subject line categories appeared quarter-over-quarter throughout 2018, including:

• Deliveries
• Passwords
• Company Policies
• Vacation
• IT Department (in-the-wild)

Additionally, three “in-the-wild” subject lines were clicked in three out of four quarters; they included Amazon, Wells Fargo and Microsoft as keywords.

“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security. Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click.”

Rounding out its quarterly reviews, in Q4 2018 KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The company also examined ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

The Top 10 Most-Clicked General Email Subject Lines Globally for Q4 2018 include:

• Password Check Required Immediately/Change of Password Required Immediately 19%
• Your Order with Amazon Order Receipt 16%
• Announcement: Change in Holiday Schedule 11%
• Happy Holidays! Have a drink on us. 10%
• Problem with Bank Account 8%
• De-activation of [[email protected]] in Process 8%
• Wire Department 8%
• Revised Vacation & Sick Time Policy 7%
• Last reminder: please respond immediately 6%
• UPS Label Delivery 1ZBE312TNY00015011 6%

*Capitalisation and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ email subject lines, KnowBe4 found the most common throughout Q4 2018 included:

• Apple: You recently requested a password reset for your Apple ID
• Employee Satisfaction Survey
• Sharepoint: You Have Received 2 New Fax Messages
• Your Support Ticket is Closing
• Docusign: You’ve received a Document for Signature
• ZipRecruiter: ZipRecruiter Account Suspended
• IT System Support
• Amazon: Your Order Summary
• Office 365: Suspicious Activity Report
• Squarespace: Account billing failure

*Capitalisation and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

Businesses need to train their users to be their last line of defence. KnowBe4 has many free tools available at to test the users in their network.

