Phishing is the main security threat faced by companies and detailed here are the main phishing lures of 2018. These lures have proven to be the most effective at getting end users to divulge sensitive information or install malware.

Deducing the top phishing lures is not simple. Many groups are required to publicly share details of data breaches to adhere with industry regulations, but details of the phishing lures that have fooled employees are not usually made public.

Instead, the best method to deduce the top phishing lures is to use data from security awareness training companies. These businesses have created platforms that businesses can use to run phishing simulation exercises. To obtain reliable data on the most effective phishing lures it is necessary to review huge volumes of data. Since these phishing simulation platforms are used to send millions of dummy phishing emails to employees and track responses, they are useful for finding out the most successful phishing lures.

In the past couple of weeks, two security awareness training businesses have released reports detailing the top phishing lures of 2018: Cofense and KnowBe4.

Cofense has established two lists of the top phishing lures of 2018. One is based on the Cofense Intelligence platform which gathers data on real phishing attacks and the second list is put together using responses to phishing simulations.

Both lists feature phishing attacks that include fake invoices. Seven out of the ten most effective phishing campaigns of 2018 referred to invoice in the subject line. The other three were also finance linked: Payment remittance, statement and payment. This make sense. The finance department is the primary target in phishing attacks on companies.

The list of the top phishing lures from phishing simulations also heavily featured fake invoices, which outnumbered the second most visitied phishing lure by 2 to 1.

Rank Phishing Subject/Theme Number of Reported Emails
1 Attached Invoice 4,796
2 Payment Notification 2,267
3 New Message in Mailbox 2,088
4 Online Order (Attachment) 679
5 Fax Message 629
6 Secure Message (MS Office Macro) 408
7 Online Order (Hyperlink) 399
8 Confidential Scanned document (Attachment) 330
9 Conversational Wire transfer (BEC Scam) 278
10 Bill Copy 251


Main Phishing Lures on the KnowBe4 Platform

KnowBe4 has created and shared two lists of the top phishing lures of Q3, 2018, which were compiled from responses to simulated phishing emails and real-world phishing campaigns targeting businesses that were reported to IT security departments.

The most common real-world phishing attacks witnessed during Q3 were:

Rank Subject
1 You have a new encrypted message
2 IT: Syncing Error – Returned incoming messages
3 HR: Contact information
4 FedEx: Sorry we missed you.
5 Microsoft: Multiple log in attempts
7 Wells Fargo: Irregular Activities Detected on Your Credit Card
8 LinkedIn: Your account is at risk!
9 Microsoft/Office 365: [Reminder]: your secured message
10 Coinbase: Your cryptocurrency wallet: Two-factor settings changed


The most commonly phishing lures witnessed in Q3 were:

Rank Subject % of Emails Clicked
1 Password Check Required Immediately 34%
2 You Have a New Voicemail 13%
3 Your order is on the way 11%
4 Change of Password Required Immediately 9%
5 De-activation of [[email]] in Process 8%
6 UPS Label Delivery 1ZBE312TNY00015011 6%
7 Revised Vacation & Sick Time Policy 6%
8 You’ve received a Document for Signature 5%
9 Spam Notification: 1 New Messages 4%
10 [ACTION REQUIRED] – Potential Acceptable Use Violation 4%


If login credentials to email accounts, Office 365, Dropbox, and other cloud services are stolen by hackers, the accounts can be plundered. Sensitive date can be stolen and Office 365/email accounts can be used for other phishing attacks on other staff members. If malware is downloaded, hackers can gain full control of infected devices. The cost of addressing these attacks is considerable and a successful phishing attack can seriously damage a company’s business reputation.

Due to the damage that can be inflicted by phishing, it is essential for companies of all sizes to train staff how to identify phishing threats and put in place a system that allows suspicious emails to be reported to security teams quickly. Resilience to phishing attacks can be greatly enhanced with an good training program and phishing email simulations. It is also vital to use an effective email security solution that blocks threats and ensures they are not sent to inboxes.

SpamTitan is a highly effective, easy to put in place email filtering solution that blocks more than 99.9% of spam and phishing emails and 100% of known malware using dual antivirus engines (Bitdefender and ClamAV). With SpamTitan safeguarding inboxes, companies are less reliant on their employees’ ability to identify phishing dangers.

SpamTitan uses a barrage of checks on each incoming email to  to determine if a message is real and should be delivered or is potentially malicious and should be blocked. SpamTitan also conducts checks on outbound emails to ensure that in the event that an email account is infiltrated, it cannot be used to end spam and phishing emails internally and to clients and contacts, thus helping to safeguard the reputation of the firm.

” alt=”” aria-hidden=”true” />

To discover more about SpamTitan, including details of pricing and to sign up for a free trial, contact the TitanHQ team today. During your free trial you will see how much better SpamTitan is at preventing phishing attacks than standard Office 365 anti-spam measures.