Phishing is the most serious security threat faced by companies. It is a tried and tested social engineering tactic favored by hackers because it is so effective.

Phishing emails can be used to trick device users into installing malware or disclosing their login credentials. It is an easy way for hackers to gain a foothold in a network and to conduct further phishing attacks on a company.

Phishing works because it targets the most vulnerable link in security defenses: end users. If an email reaches an inbox, there is a good chance that it will be opened. Messages use a variety of sneaky tricks to fool end users into taking a specific action, such as opening a malicious email attachment or visiting an embedded hyperlink.

Listed here are the main phishing lures of 2018 – the messages that have proven to be the most successful at getting end users to divulge sensitive information or download malware.

Main Phishing Lures of 2018

Identifying the top phishing lures is not straightforward. Many organizations are obligated to publicly disclose data breaches to comply with industry regulations, but details of the phishing lures that tricked their employees are not usually made public.

Instead, the best way to identify the top phishing lures is to study data from security awareness training companies. These companies have developed platforms that businesses can use to conduct phishing simulation exercises. To obtain reliable data on the most effective lures, huge amounts of data must be analyzed. Since these simulation platforms are used to send millions of dummy phishing emails to employees and record their responses, they are well suited to identifying the most effective phishing lures.

In recent weeks, two security awareness training businesses, Cofense and KnowBe4, have released reports detailing the top phishing lures of 2018.

Main Phishing Lures on the Cofense Platform

Cofense has compiled two lists of the top phishing lures of 2018. One is based on the Cofense Intelligence platform, which collates data on real phishing attacks; the second is compiled from responses to phishing simulations.

Both lists are dominated by phishing attacks involving fake invoices. 70% of the most effective phishing campaigns of 2018 mentioned an invoice in the subject line. The other three were also finance-related: payment remittance, statement and payment. This makes sense, as the finance department is the primary target of phishing attacks on companies.

The list of the main phishing lures from phishing simulations was also heavily dominated by fake invoices, which outnumbered the second most clicked phishing lure by more than two to one.

| Rank | Phishing Subject/Theme | Number of Reported Emails |
|------|------------------------|---------------------------|
| 1 | Attached Invoice | 4,796 |
| 2 | Payment Notification | 2,267 |
| 3 | New Message in Mailbox | 2,088 |
| 4 | Online Order (Attachment) | 679 |
| 5 | Fax Message | 629 |
| 6 | Secure Message (MS Office Macro) | 408 |
| 7 | Online Order (Hyperlink) | 399 |
| 8 | Confidential Scanned Document (Attachment) | 330 |
| 9 | Conversational Wire Transfer (BEC Scam) | 278 |
| 10 | Bill Copy | 251 |


Main Phishing Lures on the KnowBe4 Platform

KnowBe4 has published two lists of the main phishing lures of Q3 2018, compiled from responses to simulated phishing emails and from real-world phishing attempts on companies that were reported to IT security departments.

The most common real-world phishing attacks recorded in Q3 were:

| Rank | Subject |
|------|---------|
| 1 | You have a new encrypted message |
| 2 | IT: Syncing Error – Returned incoming messages |
| 3 | HR: Contact information |
| 4 | FedEx: Sorry we missed you. |
| 5 | Microsoft: Multiple log in attempts |
| 7 | Wells Fargo: Irregular Activities Detected on Your Credit Card |
| 8 | LinkedIn: Your account is at risk! |
| 9 | Microsoft/Office 365: [Reminder]: your secured message |
| 10 | Coinbase: Your cryptocurrency wallet: Two-factor settings changed |


The most commonly clicked phishing tricks in Q3 were:

| Rank | Subject | % of Emails Clicked |
|------|---------|---------------------|
| 1 | Password Check Required Immediately | 34% |
| 2 | You Have a New Voicemail | 13% |
| 3 | Your order is on the way | 11% |
| 4 | Change of Password Required Immediately | 9% |
| 5 | De-activation of [[email]] in Process | 8% |
| 6 | UPS Label Delivery 1ZBE312TNY00015011 | 6% |
| 7 | Revised Vacation & Sick Time Policy | 6% |
| 8 | You’ve received a Document for Signature | 5% |
| 9 | Spam Notification: 1 New Messages | 4% |
| 10 | [ACTION REQUIRED] – Potential Acceptable Use Violation | 4% |
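The lists above are useful to a security team beyond their headline numbers: the same subject-line themes turn up in the emails employees report. As an added example (not part of this article, and not code from Cofense, KnowBe4 or TitanHQ), the script below maps reported subject lines onto the lure themes seen in the two lists and ranks them by volume, so a team can see which lure families its own staff are receiving. The grouping of subject lines into themes and the keyword lists are my own assumption derived from the subjects quoted above, not any vendor's rule set, and the reported subjects are constructed sample data.

```python
"""Triage helper: classify reported email subjects into the 2018 lure
themes and rank the themes by how often they are reported.

Added example for this article. The theme/keyword grouping below is an
assumption derived from the subject lines in the Cofense and KnowBe4
lists, not any vendor's detection rules."""
import re
from collections import Counter

# Theme -> keywords (assumed grouping). The first theme with a match wins,
# so more specific finance terms are checked before generic ones.
LURE_THEMES = {
    "finance": ["invoice", "payment", "remittance", "statement", "bill",
                "wire transfer", "credit card"],
    "credential": ["password", "log in", "login", "account", "two factor",
                   "encrypted message", "secured message", "secure message",
                   "activation"],
    "delivery": ["order", "ups", "fedex", "label", "missed you"],
    "messaging": ["voicemail", "fax", "new message", "new messages",
                  "mailbox", "returned incoming", "spam notification"],
    "hr_policy": ["hr", "vacation", "policy", "acceptable use",
                  "contact information"],
    "document": ["scanned document", "document for signature", "attached"],
}


def normalize(subject: str) -> str:
    """Lower-case and collapse punctuation and whitespace so that trivial
    variation ("Log-In" vs "log in", bracketed tags) does not defeat
    keyword matching."""
    text = subject.lower().replace("-", " ")
    text = re.sub(r"[^\w\s:]", " ", text)
    return re.sub(r"\s+", " ", text).strip()


def classify(subject: str) -> str:
    """Return the first lure theme whose keyword appears as a whole word
    (word boundaries stop "ups" matching "groups")."""
    text = normalize(subject)
    for theme, keywords in LURE_THEMES.items():
        for keyword in keywords:
            if re.search(r"\b" + re.escape(keyword) + r"\b", text):
                return theme
    return "other"


def rank_themes(subjects):
    """Count reported subjects per theme, most common first, as
    (theme, count) tuples."""
    return Counter(classify(s) for s in subjects).most_common()


# Constructed sample of subjects a security team might receive through an
# internal "report phishing" button; not real reports.
SAMPLE_REPORTS = [
    "Attached Invoice",
    "Payment Notification",
    "Bill Copy",
    "Password Check Required Immediately",
    "You Have a New Voicemail",
    "UPS Label Delivery",
    "Revised Vacation & Sick Time Policy",
    "Team lunch on Friday?",
]

if __name__ == "__main__":
    for theme, count in rank_themes(SAMPLE_REPORTS):
        print(f"{theme:12s} {count}")
```

Run stand-alone, the script prints the finance theme at the top, matching the pattern both vendors report. In practice the subjects would come from a reporting-button mailbox or the mail gateway's logs, and the theme ranking is the input to deciding which lures the next simulation round should rehearse.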


Blocking Phishing Attacks at their Source

If login details for email accounts, Office 365, Dropbox and other cloud services are obtained by scammers, those accounts can be plundered. Sensitive information can be stolen, and compromised Office 365/email accounts can be used for further phishing attacks on other workers. If malware is downloaded, scammers can gain full control of infected devices. The cost of addressing these attacks is massive, and a successful phishing attack can seriously harm a company’s reputation.

Due to the damage that can be inflicted through phishing, it is essential for companies of all sizes to train staff to identify phishing threats and to put in place a system that allows suspicious emails to be reported to security teams swiftly. Resilience to phishing attacks can be greatly enhanced with an effective training program and phishing email simulations. It is also essential to implement an effective email security solution that blocks threats and ensures they do not land in inboxes.

SpamTitan is one such solution. It is an easy-to-configure email filtering solution that blocks more than 99.9% of spam and phishing emails and 100% of known malware through dual anti-virus engines (Bitdefender and ClamAV). With SpamTitan securing inboxes, businesses are less reliant on their employees’ ability to spot phishing threats.

SpamTitan rigorously checks every incoming email to determine whether a message is genuine and should be delivered, or is potentially malicious and should be blocked. SpamTitan also checks outbound email to ensure that, should an email account be compromised, it cannot be used to send spam and phishing emails internally or to clients and contacts, helping to safeguard the reputation of the business.

Strengthen Office 365 Email Security with SpamTitan

There are more than 135 million subscribers to Office 365, and such high numbers make Office 365 a big target for scammers. One of the chief ways that Office 365 credentials are obtained is via phishing. Emails are designed to get past Office 365 defenses, and hyperlinks direct end users to fake Office 365 login pages where their details are harvested.

Companies that have configured Office 365 are still likely to see a huge rise in the number of malicious emails delivered to inboxes. To strengthen Office 365 security, a third-party email filtering control is needed. If SpamTitan is set up with Office 365, a higher percentage of phishing emails and other email threats can be blocked at source.

To discover more about SpamTitan, including details of pricing and to register for a free trial, get in touch with the TitanHQ team today.