COMMON " IN THE WILD " ATTACKS
Equipment and Software Update Mail Notification : You have 5 Encrypted Messages Amazon : Amazon - delayed shipping Google : Password Expiration Notice Action required : Your payment was declined Wells Fargo : Transfer Completed DocuSign : Please review and sign your document
The 2022 phishing test also revealed the top vector for Q3 to be phishing links in the body of an email .
TOP EMAIL SUBJECTS GLOBALLY
Main points from today ' s meeting
USAA : Account Suspension
Employee Expense Reimbursement for [[ email ]]
Google : You were mentioned in a document : " Strategic Plan Draft "
IT : IT Satisfaction Survey
Zoom : [[ manager _ name ]] has sent you a message via Zoom Message Portal
Microsoft : Microsoft account security code
Business phishing emails are the most clicked subject category across the world . These range from messages purporting to be from internal organizational departments , to external requests for information that convey a sense of urgency and entice users to take an action .
IT : Internet Report
Acknowledge Your Appraisal
Password Check Required Immediately
HR : Vacation Policy Update
HR : Important : Dress Code Changes
Adobe Sign : Your
We have seen a lot more business related subjects coming from HR / IT / Managers in recent months . Others involve logins on new devices and password resets . These attacks are effective because they could potentially affect users ' daily work , and cause a person to react before thinking logically about the legitimacy of the email .
TOP 5 ATTACK VECTOR TYPES
Phishing Hyperlink in the Email
Appears to Come From the User ' s Domain
Email Contains a PDF Attachment
Phishing Test Link Has User ' s Organizational Logo and Name
Credentials Landing Page
Phishing Link Directs User to Data Entry or Login Landing Page
This is a ranking of top attack vector types used in KnowBe4 Phishing Security Tests . Unsurprisingly , the # 1 vector for the past quarter from our phishing tests and those seen in the wild are phishing links in the email body . When these links are clicked they often lead to disastrous cyberattacks such as ransomware and business email compromise .
SECURITY AWARENESS TRAINING | WWW . KNOWBE4 . COM www . intelligentciso . com