What Phishing Emails Are Your Employees Most Likely to Fall For?
While there is always a lot of publicity around phishing attacks that use the brands we know and love, it’s the topic of the email that makes it effective. Wombat Security has found that the campaigns with the highest failure rates mimic common day-to-day tasks.
Social engineers who combine mundane topics with a sense of urgency to act, and perceived consequences for inaction, have significant manipulative power over your users.
These are the phishing email topics with the highest failure rates over the past year of phishing campaigns:
Your package has arrived/your package is undeliverable
Change your password
You’re over your email quota
You need to do a security update
You've received a corporate electronic fax
The Corporate e-faxx phishing email had the single highest average failure rate (over 40%). That is a pretty high failure rate considering that “faxx” is misspelled in the subject line, which in theory makes this an easy phishing email to recognize.
The highest failure rate of any single simulated phishing attack was an unbelievable 99%, and it was about an IT issue. Conversely, we have seen phishing campaigns that didn’t catch even one user, with topics such as online shopping, holiday cards, and updating social media passwords. This was clearly an educated user audience.
When you’re planning your security awareness and training program for next year, ensure you add some simulated phishing emails about everyday tasks so that you appropriately assess your users and motivate them to complete in-depth training.