The phishing bait you're most likely to take

Phishing is the most common form of cyberattack as criminals seek to obtain credentials to access bank accounts or corporate networks.

Abnormal Security has analyzed which phishing attacks generate the highest click rate and categorized them based on the words included in the subject line.

Topping the list are messages relating to invoices and payment which account for 18.4 percent of engaged-with phishing attacks in 2023. Document sharing comes next on 7.9 percent. Notifications claiming the recipient has unread messages or other notifications requiring their attention account for 5.5 percent.

More generic 'action required' notices make up 4.5 percent. These could be anything from a request to change your password, confirm your email address, verify your account, or update your payment information. Finally, account notices, stating that an account has been suspended, compromised, or is in need of urgent attention, account for 3.5 percent.

Mike Britton, CISO at Abnormal Security, writes on the company's blog:

With the threat landscape constantly changing, it's important to understand how threat actors are shifting their techniques to trick their targets into clicking credential phishing links. However, by understanding the most popular themes and being aware of how threat actors inspire fear and urgency, we can all better protect ourselves (and our organizations) from these credential phishing attacks.

That said, the best defense is simply preventing these attacks from reaching the inbox at all, by harnessing the power of defensive AI to prevent even the most sophisticated attacks.

You can read more and see examples of actual attacks on the Abnormal blog.

Image credit: weerapat/depositphotos.com