Want to know which phishing emails generated the most clicks? Security Awareness company KnowBe4 has the answer in its Q3-25 report, and it wouldn't surprise you.
Internal Topics Dominate
- Personalization increased click rate in simulated phishing emails - the two most-clicked subject lines contained the recipients' company name.
- Internal topics made up 90% of most-clicked subject lines, and HR was cited in 45% of the top 10 most-clicked emails.
Branded Landing Pages
- 70% of simulated landing page interactions involved branded content.
- Microsoft was the most common brand, accounting for 25%, followed by LinkedIn, X, Okta, and Amazon.
Top Clicked Hyperlinks
- 82% of the top 20 clicked links in simulated phishing emails came from internally themed simulations.
- 66% used domain spoofing techniques.
Attachment Interactions
- PDFs comprised 56% of the top 20 attachments opened in simulated phishing emails, followed by Word documents (25%) and HTML files (19%).
-------------------------------------------
------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------