fbpx
Blog

JensenIT Blog

JensenIT has been serving the Illinois area since 1991, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

The Most Popular Subject Lines for Phishing Threats are Revealing

The Most Popular Subject Lines for Phishing Threats are Revealing

Even the most cautious employee could fall victim to a well-placed and well-timed phishing email. What are some factors that contribute to the success of these attacks, and what subject lines in particular should people be cautious about? A recent study takes a look at what goes into a successful phishing attack, and you might be surprised by the results.

Expel published a report revealing the most common subject lines used in phishing emails, all of which encourage the reader to take some sort of action. This is problematic, especially for employees who don’t typically tend to think twice before downloading an attachment or clicking on a link.

Expel looked at 10,000 known malicious emails and put together a list of keywords used in phishing emails. The fact that most of them have a sense of urgency should come as no surprise, as this tactic has been used in phishing attacks since their inception. Plus, this is a tactic also utilized in marketing emails, so hackers can blur the lines a bit and create uncertainty in this way.

Ben Brigida, Director and SOC of Operations at Expel, had this to say regarding the matter: "Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion - urgency or fear of loss are the most common… The actions are as simple as 'go to this site' or 'open this file,' but the attacker wants you to be moving too fast to stop and question if it's legitimate.”

Basically, the simpler and more direct the phishing email is, the easier time a hacker has in pulling it off. This idea is reflected in the keywords. You might notice that not only are they simple, but they also mimic emails sent from legitimate businesses. Here are three of the most common ones:

  • RE: INVOICE
  • Missing Inv ####; From [Legitimate Business Name]
  • INV####

These subject lines tap into the fear that one might have of missing a payment, something which can be problematic for a small business that relies on goods or services to stay operational. Rather than take a step back and question these messages, users will simply make the payment. Plus, when you consider the sheer amount of invoices or messages sent out by automatic systems, this type of language is not necessarily a red flag.

Some other common phishing subject lines might include the words “required,” “verification required,” file sharing, action requirements, or service requests. The tags that sometimes get assigned to emails in inboxes also don’t help, as employees might see the word “new” next to a message and impulsively click on it.

If you want to take your network security seriously and stop phishing emails in their tracks, JensenIT can help. To learn more, reach out to us at (847) 803-0044.

Tip of the Week: Cleaning Your Headphones
Is Your View of Your Business’ IT Realistic?
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, October 13, 2024

Captcha Image

Customer Login


Latest Blog

Being a green business is certainly not a bad thing. Not only does it help boost your company's environmental friendliness, but it can often attract customers and clients who prioritize the environment. Less mentioned, however, is how being greener can actually give your business an advantage in the right circumstances.

Contact Us

Learn more about what JensenIT can do for your business.

JensenIT
1689 Elk Blvd
Des Plaines, Illinois 60016

Sign up for our Newsletter!

Hey! Before you go, subscribe to our newsletter for IT tech tips and advice!