The Most Popular Subject Lines for Phishing Threats are Revealing

Even the most cautious employee could fall victim to a well-placed and well-timed phishing email. What are some factors that contribute to the success of these attacks, and what subject lines in particular should people be cautious about? A recent study takes a look at what goes into a successful phishing attack, and you might be surprised by the results.

Expel published a report revealing the most common subject lines used in phishing emails, all of which encourage the reader to take some sort of action. This is problematic, especially for employees who don’t typically tend to think twice before downloading an attachment or clicking on a link.

Expel looked at 10,000 known malicious emails and put together a list of keywords used in phishing emails. The fact that most of them have a sense of urgency should come as no surprise, as this tactic has been used in phishing attacks since their inception. Plus, this is a tactic also utilized in marketing emails, so hackers can blur the lines a bit and create uncertainty in this way.

Ben Brigida, Director and SOC of Operations at Expel, had this to say regarding the matter: "Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion - urgency or fear of loss are the most common… The actions are as simple as 'go to this site' or 'open this file,' but the attacker wants you to be moving too fast to stop and question if it's legitimate.”

Basically, the simpler and more direct the phishing email is, the easier time a hacker has in pulling it off. This idea is reflected in the keywords. You might notice that not only are they simple, but they also mimic emails sent from legitimate businesses. Here are three of the most common ones:

• RE: INVOICE
• Missing Inv ####; From [Legitimate Business Name]
• INV####

These subject lines tap into the fear that one might have of missing a payment, something which can be problematic for a small business that relies on goods or services to stay operational. Rather than take a step back and question these messages, users will simply make the payment. Plus, when you consider the sheer amount of invoices or messages sent out by automatic systems, this type of language is not necessarily a red flag.

Some other common phishing subject lines might include the words “required,” “verification required,” file sharing, action requirements, or service requests. The tags that sometimes get assigned to emails in inboxes also don’t help, as employees might see the word “new” next to a message and impulsively click on it.

If you want to take your network security seriously and stop phishing emails in their tracks, CoreTech can help. To learn more, reach out to us at (270) 282-4926.