KnowBe4 Finds U.S. Phishing Emails Focus on Password Alerts and Policy Changes While EMEA Focuses on Everyday Tasks

Rhea-AI Summary

KnowBe4 has released its Q4 2021 global phishing report, analyzing phishing email trends in the U.S. and EMEA regions. The report indicates that U.S. phishing emails often mimic internal organizational communications, focusing on security alerts and policy changes, while EMEA emails are more personalized and task-oriented. The top-clicked phishing email subjects included items like 'Password Check Required Immediately' in the U.S. and 'Accept Invitation - Staff Meeting via Teams' in EMEA. More than 44,000 organizations rely on KnowBe4 for security awareness training.

Positive

• KnowBe4 supports over 44,000 organizations globally, indicating strong market presence.
• The report highlights awareness of phishing threats, potentially increasing demand for training services.

Negative

• None.

KnowBe4 releases Q4 2021 global phishing report

TAMPA BAY, Fla.--(BUSINESS WIRE)-- KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced the results of its Q4 2021 top-clicked phishing report.

KnowBe4 Q4 2021 Top-Clicked Phishing Report Infographic (Graphic: Business Wire)

“When comparing the results from the U.S. phishing emails to those in Europe, the Middle East and Africa (EMEA), email subjects in the U.S. appear to originate from the users’ organizations and are focused on security alerts related to passwords and internal company policy changes,” said Stu Sjouwerman, CEO, KnowBe4. “However, in EMEA, the top subjects are related to users’ everyday tasks and the subject lines appear to be more personalized to entice the user to click. As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping in particular. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organization.”

Top 10 Email Categories Globally:

1. Business
2. Online Services
3. Human Resources
4. IT
5. Banking and Finance
6. Coronavirus/COVID-19 Phishing
7. Mail Notifications
8. Holiday
9. Phishing for Sensitive Information
10. Social Networking

Top phishing email subjects were also broken out, comparing those in the U.S. to those in EMEA. In Q4 2021, KnowBe4 examined tens of thousands of email subject lines from simulated phishing tests. The organization also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below.

Top Phishing Email Subjects:

The U.S.

1. Password Check Required Immediately
2. Important: Dress Code Changes
3. Vacation Policy Update
4. Important Social Media Policy Change
5. Employee Discounts on Amazon for your Holiday Shopping

EMEA

1. Accept Invitation - Staff Meeting via Teams
2. Employee Portal - Timecard Not Submitted
3. Enclosed attachment for your review
4. Immediate password verification required
5. [[company_name]] Invoice

*Capitalization and spelling are as they were in the phishing test subject line.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers.

Common “In-the-Wild” attacks:

• IT: Cloud Enrollment
• Special Project Information
• You Have Some New Messages
• Teams Events
• Microsoft: Private Shared Document Received

*Capitalization and spelling are as they were in the phishing test subject line.
**In-the-wild email subject lines represent actual emails users received and reported to their IT departments as suspicious. They are not simulated phishing test emails.

For more information on KnowBe4, visit www.knowbe4.com.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 44,000 organizations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognized cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organizations rely on KnowBe4 to mobilize their end users as their last line of defense.

View source version on businesswire.com: https://www.businesswire.com/news/home/20220119005245/en/

Amanda Tarantino

amandat@knowbe4.com

Source: KnowBe4

FAQ

What does KnowBe4's Q4 2021 phishing report reveal?

KnowBe4's Q4 2021 phishing report highlights phishing email trends, particularly focusing on the differences in phishing tactics used in the U.S. versus EMEA.

What were the top phishing email subjects in the U.S. according to KnowBe4?

The top phishing email subjects in the U.S. included 'Password Check Required Immediately' and 'Important: Dress Code Changes'.

How many organizations use KnowBe4's training services?

KnowBe4 provides security awareness training to more than 44,000 organizations worldwide.

What regions did KnowBe4's phishing report focus on?

KnowBe4's phishing report compared phishing email trends in the U.S. and the EMEA (Europe, Middle East, and Africa) regions.

What kind of phishing email categories were identified in the report?

The report identified categories like Business, Online Services, and Human Resources among the top-clicked phishing emails.