Abstract connections

What Phishing Emails Are Your Employees Most Likely to Fall For?

Share with your network!

While there is always a lot of publicity around phishing attacks that use the brands we know and love, it’s the topic of the email that makes it effective. What Wombat Security has found is that the campaigns with the highest failure rates mimic common day-to-day tasks.

Social engineers who combine mundane topics with a sense of urgency for action, and perceived consequences for no action, have significant manipulative power over your users.

These are the phishing email topics with the highest failure rates over the past year of phishing campaigns:

  • Your package has arrived/your package is undeliverable
  • Change your password
  • You’re over your email quota
  • You need to do a security update
  • You've received a corporate electronic fax

The Corporate e-faxx phishing email had the single highest average failure rate (over 40%). Considering the fact that “faxx” is spelled incorrectly in the subject line, this is a pretty high failure rate and, in theory, an easy phishing email to recognize.

The highest failure rate of any single phishing simulated attack was an unbelievable 99% and was about an IT issue. Alternatively we have seen phishing campaigns that didn’t catch even one user, with topics such as online shopping, holiday cards, and updating social media passwords. This was clearly an educated user audience.

When you’re planning your security awareness and training program for next year, ensure you add some simulated phishing emails about everyday tasks so that you appropriately assess your users and motivate them to complete in-depth training.

Click here to get more information about our simulated phishing attacks tool and how this solution can help you assess vulnerability to attack, automatically increase training completion, and ultimately create secure behavior in your users.