Kaspersky finds most effective phishing emails imitate corporate messages, delivery notifications

Almost one in five employees clicked links in business-related emails, but most emails containing threats or promising money were identified as phishing

A Kaspersky Lab study based on phishing simulator data has revealed that employees are most likely to click a phishing link in an email if the subject line and sender appear to relate to work or a missed delivery.

The most effective phishing email in the study carried the subject line “Failed delivery attempt - Unfortunately, our courier was unable to deliver your item,” with 18.5% of recipients clicking the link it provided.

Using the Kaspersky Security Awareness Platform, system administrators can mimic phishing emails and send them without warning to employees. The results can then be tracked to indicate the level of security awareness amongst employees.

Other effective subject lines included “Emails not delivered due to overloaded mail servers,” “Online employee survey: What would you improve about working at the company,” and “Reminder: New company-wide dress code,” all of which prompted 17.5-18% of recipients to click their links. The most effective sender names included “Mail delivery service,” “The Google support team,” and “HR Department.”

Kaspersky’s study was conducted between January 2021 and May 2022 and included the results of over 29,000 employees from 100 countries. With phishing emails behind an estimated 91% of all cyberattacks, the importance of understanding which campaigns employees fall for most easily cannot be overstated.

Conversely, emails that contained threats or promised rewards for clicking links were less likely to prompt clicks: “I hacked your computer and know your search history” and another promising $1,000 gained only 2% and 1% of clicks respectively.

Educating employees on the telltale signs of a phishing campaign can be an effective measure against cyberattacks. Communicating the importance of verifying links and sender addresses, checking attachments aren’t executable files, and flagging up any suspected phishing attacks to your company's IT department can greatly improve safety.

On an administrative level, IT teams should remain vigilant against novel attacks that might circumvent existing security filters. Simulations such as those achievable through Kaspersky Security Awareness Program can provide useful insights into how susceptible employees are to tricks by threat actors.

“Since the methods used by cybercriminals are constantly changing, the simulation has to reflect up-to-date social engineering trends, alongside common cybercrime scenarios,” stated Elena Molchanova, Head of Security Awareness Business Development at Kaspersky.

“It is crucial that simulated attacks are carried out regularly and supplemented with appropriate training – so users will develop a strong vigilance skill that will allow them [to] avoid falling for targeted attacks or so-called spear phishing.”
