• United States



Top 10 phishing email subject lines that launch ransomware

Jul 18, 20172 mins

Give this list to your employees, then go phish yourself

phishing threat
Credit: Thinkstock

Ransomware is coming at you—via email messages to your employees. Ninety-one percent of attacks by cyber criminals start through phishing, according to email security provider Mimecast.

The Cisco 2017 Annual Cybersecurity Report states that ransomware is growing at a yearly rate of 350 percent. Need more convincing? Then read the latest Ransomware Report from Cybersecurity Ventures to learn how the ransomware plague continues to wreak havoc on organizations globally.

“Ransomware is a game changer in the world of cybercrime,” says Marc Goodman, author of The New York Times bestselling book Future Crimes, founder of the Future Crimes Institute, and the chair for Policy, Law and Ethics at Silicon Valley’s Singularity University.

“It allows criminals to fully automate their attacks,” he says. “Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organized crime syndicates.”

Want to protect your organization from the next ransomware outbreak? Give this list of the top 10 global most-clicked phishing email subject lines for Q2 2017, recently published by KnowBe4, to your employees.

  • Security Alert – 21% 
  • Revised Vacation & Sick Time Policy – 14%
  • UPS Label Delivery 1ZBE312TNY00015011 – 10%
  • BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
  • A Delivery Attempt was made – 10%
  • All Employees: Update your Healthcare Info – 9%
  • Change of Password Required Immediately – 8%
  • Password Check Required Immediately – 7%
  • Unusual sign-in activity – 6%
  • Urgent Action Required – 6%

Then, go phish yourself. Literally. KnowBe4, a security awareness training company, provides a free phishing security test that tells what percentage of your employees are phish-prone.

Raising the security awareness of your employees is the easiest and fastest way to bolster your ransomware prevention. The alternative may be getting “phired” if your CEO or board asks why employees aren’t getting trained on how to detect phishing attacks.

Global ransomware damage costs are predicted to exceed $5 billion in 2017, up from $325 million in 2015. The damages equate to a 15X increase in two years, and they are expected to worsen. Don’t be a victim.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.