Was it “Your account has been suspended” or “Accept Invitation – Staff Meeting via Teams” last quarter?

Based on its business of training people in security awareness training, KnowBe4 has released a report on most-effective phishing keywords and bait phrases for Q4 2021.  

When comparing the results from the US phishing emails to those in the rest of the world, the firm’s researchers had found that email subjects in the US appeared to originate from the users’ organizations and were focused on security alerts related to passwords and internal company policy changes. This contrasted to the situation in data from the rest of the world, which showed that the top phishing subjects were related to users’ everyday tasks. The subject lines appeared to be more personalized to entice users to click on the bait.

According to the firm’s CEO Stu Sjouwerman: “As expected, we did see some phishing email subjects related to the holidays, especially holiday shopping. Employees should remain ever vigilant when it comes to suspicious email messages in their inboxes because just one wrong click can wreak havoc for an organization.”  

Top 10 email categories globally

  1. Business 
  2. Online Services 
  3. Human Resources 
  4. IT 
  5. Banking and Finance 
  6. Coronavirus/COVID-19 Phishing 
  7. Mail Notifications 
  8. Holiday 
  9. Phishing for Sensitive Information 
  10. Social Networking 

Note: Top phishing email subjects were also broken out, comparing those in the US to those in the rest of the world. In Q4 2021, tens of thousands of email subject lines from simulated phishing tests were examined. KnowBe4 researchers also reviewed ‘in-the-wild’ email subject lines that show actual emails users received and reported to their IT departments as suspicious. The results are below. 

Top phishing email subject: 


  1. Accept Invitation – Staff Meeting via Teams 
  2. Employee Portal – Timecard Not Submitted  
  3. Enclosed attachment for your review 
  4. Immediate password verification required  
  5. [[company_name]] Invoice 

The USA  

  1. Password Check Required Immediately 
  2. Important: Dress Code Changes 
  3. Vacation Policy Update 
  4. Important Social Media Policy Change  
  5. Employee Discounts on Amazon for your Holiday Shopping 

*Capitalization and spelling are verbatim as used in the phishing test subject field.
**Email subject lines are a combination of both simulated phishing templates created by KnowBe4 for clients, and custom tests designed by KnowBe4 customers. 

Common ‘in-the-wild’ attacks

  1. IT: Cloud Enrollment
  2. Special Project Information
  3. You Have Some New Messages
  4. Teams Events
  5. Microsoft: Private Shared Document Received

*Capitalization and spelling are as they were in the phishing test subject field.