Q2 2020 KnowBe4 finds coronavirus-related phishing e-mail attacks spike

KnowBe4 releases Q2 2020 top-clicked phishing report.

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, revealed the results of its Q2 2020 top-clicked phishing report.

The results found that phishing e-mail attacks related to COVID-19 remained frequent in Q2 2020. Covering the entire second quarter, simulated phishing tests with a message related to the coronavirus were the most popular, with a total of 56%. Social media messages are another area of concern when it comes to phishing. Within the same report, KnowBe4’s top-clicked social media e-mail subjects reveal password resets, tagging of photos and new messages.

“It’s no surprise that phishers and scammers are using the avalanche of new information and events involving the global coronavirus pandemic as a way to successfully phish more victims,” said Stu Sjouwerman, CEO, KnowBe4. “These phishing scams are becoming more aggressive and more targeted as this pandemic continues. Everyone should remain very sceptical of any e-mail related to COVID-19 coming into their inbox.”

ITWeb Security Summit 2020

Register now for the ITWeb Security Summit 2020 virtual event, and experience four days of international keynotes, sessions and workshops all for one price. The event will feature over 50 speakers, with all content being made available on demand online. To register, and for more information, please click here.

In Q2 2020, KnowBe4 examined tens of thousands of e-mail subject lines from simulated phishing tests. The organisation also reviewed ‘in-the-wild’ e-mail subject lines that show actual e-mails users received and reported to their IT departments as suspicious. The results are below.

Top 10 general e-mail subjects

  • Password Check Required Immediately
  • Vacation Policy Update
  • Branch/Corporate Reopening Schedule
  • COVID-19 Awareness
  • Coronavirus Stimulus Checks
  • List of Rescheduled Meetings Due to COVID-19
  • Confidential Information on COVID-19
  • COVID-19 - Now airborne, Increased community transmission
  • Fedex Tracking
  • Your meeting attendees are waiting!

* Capitalisation and spelling are as they were in the phishing test subject line.

** E-mail subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

When investigating ‘in-the-wild’ e-mail subject lines, KnowBe4 found the most common throughout Q2 2020 included:

  • Microsoft: Abnormal log in activity on Microsoft account
  • Chase: Stimulus Funds
  • HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines
  • Zoom: Restriction Notice Alert
  • Jira: [JIRA] A task was assigned to you
  • HR: Vacation Policy Update
  • Ring: Karen has shared a Ring Video with you
  • Workplace: [[company_name]] invited you to use Workplace
  • IT: ATTENTION: Security Violation
  • Earn money working from home

* Capitalisation and spelling are as they were in the phishing test subject line.

** In-the-wild e-mail subject lines represent actual e-mails users received and reported to their IT departments as suspicious. They are not simulated phishing test e-mails.

For more information on KnowBe4, visit www.knowbe4.com.

Share

KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 33,000 organizations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as the last line of defense.

Editorial contacts

Amanda Tarantino
Public Relations Officer KnowBe4
(727) 742 1853
amandat@knowbe4.com