[BreachExchange] Data Breach Notification Most Clicked Subject in Phishing Tests

[Destry Winant]

https://www.infosecurity-magazine.com/news/data-breach-notification-phishing/

The most common subject line to get an employee’s attention and act to
click relates to data breaches.

According to the top 10 global phishing email subject lines for Q3
2017 by KnowBe4, examining email subject lines from simulated phishing
tests, the most clicked was ‘Official Data Breach Notification’
followed by common tactics such as fake delivery notes and workplace
issues, including password expiry advisories, account updates and
information claiming to be from HR.

“Phishing attacks are responsible for more than 90% of successful
cyber-attacks and the level of sophistication hackers are now using
makes it nearly impossible for a piece of technology to keep an
organization protected against social engineering threats,” said Perry
Carpenter, chief evangelist and strategy officer of KnowBe4.

Speaking to Infosecurity, Carpenter said that although companies spend
$100,000s on security technology it only takes one malicious person to
get in and cause a breach. He explained that security training remains
key as often the main cause of data breaches is phishing, and if you
improve behavior it can reduce the attack surface.

“We see urgency and fear of a breach as the drivers,” he said. “We
have over 1400 templates and a concentration of themes so we know what
is highly effective.”

Speaking on data breach notification accounting for 14% of the most
clicked subject lines in phishing simulations, Carpenter added that
getting a personalized email will capture the recipient’s interest and
with the amount of reported data breaches, users will be expecting
emails such as that.

“Phishing attacks are smart, personalized and timed to match topical
news cycles. Businesses have a responsibility to their employees,
their shareholders and their clients to prevent phishing schemes.”