Table 1. Email Category and Click Rates Among 95 Simulated Phishing Campaignsa.
| Email Category | Example Lures | No. (% Total) of Campaigns |
|---|---|---|
| Office related | You have received a new fax… | 37 (38.9) |
| You are expected to review this document on an annual basis… | ||
| Mandatory online workplace safety training… | ||
| Personal | Someone sent you a Halloween e-card… | 22 (23.2) |
| Your new credit card has been shipped… | ||
| We are pleased to announce that you are eligible to receive double rewards… | ||
| IT related | Your mailbox has exceeded the storage limit, which is 20 GB as set by your administrator… | 36 (37.9) |
| We are currently updating our database and email center. All unused accounts will be deleted… | ||
| If you are receiving this message, it means that your email address has been queued for deactivation… |
Abbreviation: IT, information technology.
a
Emails were placed into 1 of 3 categories based on expert review. Shown are example lures from each of the categories, highlighting the type of content that is used to solicit further engagement with the phishing email from employees. Also shown are the number of campaigns from our sample that fell into each category.