Virtualization Technology News and Information
KnowBe4 Finds U.S. Phishing Emails Focus on Password Alerts and Policy Changes While EMEA Focuses on Everyday Tasks

KnowBe4, the provider of the world's largest security awareness training and simulated phishing platform, announced the results of its Q4 2021 top-clicked phishing report.

"When comparing the results from the U.S. phishing emails to those in Europe, the Middle East and Africa (EMEA), email subjects in the U.S. appear to originate from the users' organizations and are focused on security alerts related to passwords and internal company policy changes," said Stu Sjouwerman, CEO, KnowBe4. "However, in EMEA, the top subjects are related to users' everyday tasks and the subject lines appear to be more personalized to entice the user to click. As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organization."

Top 10 Email Categories Globally:

  1. Business
  2. Online Services
  3. Human Resources
  4. IT
  5. Banking and Finance
  6. Coronavirus/COVID-19 Phishing
  7. Mail Notifications
  8. Holiday
  9. Phishing for Sensitive Information
  10. Social Networking

Top phishing email subjects were also broken out, comparing those in the U.S. to those in EMEA. In Q4 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also reviewed ‘in-the-wild' email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top Phishing Email Subjects:

The U.S.

  1. Password Check Required Immediately
  2. Important: Dress Code Changes
  3. Vacation Policy Update
  4. Important Social Media Policy Change
  5. Employee Discounts on Amazon for your Holiday Shopping


  1. Accept Invitation - Staff Meeting via Teams
  2. Employee Portal - Timecard Not Submitted
  3. Enclosed attachment for your review
  4. Immediate password verification required
  5. [[company_name]] Invoice

Capitalization and spelling are as they were in the phishing test subject line.
Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

Common "In-the-Wild" attacks:

  • IT: Cloud Enrollment
  • Special Project Information
  • You Have Some New Messages
  • Teams Events
  • Microsoft: Private Shared Document Received
Published Wednesday, January 19, 2022 10:24 AM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<January 2022>