Cyber Risk Management Solutions

Wondering what the top phishing email subject lines from Q4 of 2018? KnowBe4 reports on this every quarter. Take a look at the infographic, you may be surprised to see what hackers are using!


Here at Cybriant, we are no longer surprised to see the phishing email subject lines that are our users click on. Even the best, most highly trained employees can be tricked. It seems you have to be suspicious of each and every email that comes into your inbox. 

Through our PREtect ADVANCED service, we have the ability to stop any malicious activity before it can execute. 

PREtect ADVANCED is the second level of our tiered cybersecurity service, adding next-generation endpoint technology which utilizes AI and machine learning to insulate endpoint devices from malicious code while capturing and analyzing forensic data which Cybriant’s Security Engineers can then utilize to further isolate and remedy the threat.

PREtect ADVANCED features Endpoint Protection Including:

  • True Zero-Day Protection
  • AI-Driven Malware Prevention
  • Script Management
  • Device Usage Policy Enforcement
  • Memory Exploitation Detection and PRevention
  • Application Control for Fixed -Function Devices

Top Phishing Email Subject Lines

Even with this amazing service, you should always train your employees to know what to look for. According to the infographic below, the top general phishing email subject lines are: 

  1. Password Check Required Immediately
  2. Your Order with Amazon/Your Amazon Order Receipt
  3. Announcement: Change in Holiday Schedule
  4. Happy Holidays! Have a Drink On Us.
  5. Have a Drink on Us
  6. De-Activation of [[EMAIL]] in Process
  7. Wire Department
  8. Revised Vacation & Sick Time Policy
  9. Last Reminder: Please respond immediately
  10. UPS Label Delivery: 1ZBE312TNY00005011

From KnowBe4, the top security awareness training company:

KnowBe4 reports every quarter on the top-clicked phishing emails. Here we have the results for Q4 2018. We track three different categories: general email subjects, those related to social media and ‘in the wild’ attacks. The results come from a combination of the simulated phishing email subject lines used by our customers as well as from the millions of users that click our no-charge Phish Alert Button to report suspicious emails to their IT Incident Response team.

Trends That Persisted Throughout 2018

In reviewing the Q4 2018 most clicked subject lines, trends were easily identified; five subject line categories appeared quarter-over-quarter throughout 2018, including:

  • Deliveries
  • Passwords
  • Company Policies
  • Vacation
  • IT Department (in-the-wild)

Additionally, three “in-the-wild subject lines” were clicked three out of four quarters and included Amazon, Wells Fargo and Microsoft as keywords.

The Subject Lines Tell Us Users Are Concerned About Security

“Clicking an email is as much about human psychology as it is about accomplishing a task,” said Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “The fact that we saw ‘password’ subject lines clicked four out of four quarters shows us that users are concerned about security.

Likewise, users clicked on messages about company policies and deliveries each quarter showing a general curiosity about issues that matter to them. Knowing this information gives corporate IT departments tangible data to share with their users and to help them understand how to think before they click.”

Here is the full InfoGraphic of top subjects in all categories for the last quarter, the top 10 most-clicked general email subjects in Q4 2018, and most common ‘in the wild’ attacks during that period.

Read the full report here.