Q4 2018 Top-Clicked Phishing Email Subjects

Trends That Persisted Throughout 2018

In reviewing the Q4 2018 most clicked subject lines, trends were easily identified; five subject line categories appeared quarter-over-quarter throughout 2018, including:

• Deliveries
• Passwords
• Company Policies
• Vacation

Top 10 Most-Clicked General Email Subjects in Q4 2018:

• Password Check Required Immediately/Change of Password
  Required Immediately 19%
• Your Order with Amazon.com/Your Amazon Order Receipt 16%
• Announcement: Change in Holiday Schedule 11%
• Happy Holidays! Have a drink on us. 10%
• Problem with the Bank Account 8%
• De-activation of [[email]] in Process 8%
• Wire Department 8%
• Revised Vacation & Sick Time Policy 7%
• Last reminder: please respond immediately 6%
• UPS Label Delivery 1ZBE312TNY00015011 6%

As you get time, please look over this graphic carefully as it shows what to look out for in phishing emails.

Click Image to View Larger

Phishing lures imitate applications, social media, private cloud storage and shipping companies.

DocuSign, Office365 and OneDrive have remained consistently popular lures throughout 2018 (screenshot below).

Most lures imitated applications (Adobe, DocuSign and Office 365), social media
(Facebook), cloud storage (Dropbox, OneDrive and Google), and shipping companies (FedEx). The greatest success rate results from the generic invoice lure. Rather than phishing for credentials, this email attack attaches a malicious document disguised as an invoice.

Click Image to View Larger