The most commonly clicked phishing emails include urgent calls to action, or exploit victims’ desire for popularity.
If an employee receives an email about a data breach, chances are they’re going to click. If an “important” or “urgent” message arrives from human resources, they’re going to want to know why. If an email warns their password is about to expire, they will investigate further to change it.
Hackers know this, which is why they have begun to prey on victims’ sense of urgency in phishing attacks. The most effective phishing email subject lines include psychological triggers to get people to click, discovered security awareness firm KnowBe4 in a study of most-clicked phishing email subject lines for Q3 2017.