Think before you click on that email! A phishing email is meant to be highly clickable, so its subject is engineered to be enticing or even threatening.
In the past, phishing emails and other bogus communication were more likely to sound so outlandish as to be instantly recognizable as scams and thus they could usually be sidestepped without too much mental sweat.
Nowadays, cyber crooks are using more carefully constructed language and social engineering voodoo to get more people to click on their emails.
Imitation is the worst form of flattery
The counterfeit branding on a modern phishing email can be shockingly close to the real thing, with logos, colors, and images that match the brand (at least upon a cursory once-over). Really, anyone can nab a logo from a company’s website. The actual phishing website destinations can also appear authentic, and they can even have misleading, “cloaked” web addresses using a Unicode representation, as with the recent Relieve Stress Paint phishing campaign’s use of “aol.net.”
Not familiar with the term ‘phishing’?
Chances are, if you get email on a regular basis, you’ve seen a phishing email. Hopefully, your instincts guided you away from clicking on it.
Phishing is the unscrupulous practice of sending emails, purportedly from reputable entities, to lure victims into providing sensitive information such as financial details and account credentials.
Common phishing email subjects include panic-inducing alerts, delivery notices, password or account issues, and offers that are simply too good to be true.
Phishing emails usually have hyperlinks and attachments, so be very wary about clicking on these, especially when they’re unsolicited.
The top clicked phishing email subject lines in Q1 2018
Here are the email subject lines of the most-clicked phishing emails in the first quarter of 2018, based on research from KnowBe4.
- A Delivery Attempt Was Made – 21%
- Change of Password Required Immediately – 20%
- W-2 – 13%
- Company Policy Update for Fraternization – 10%
- UPS Label Delivery 1ZBE3112TNY00015011 – 10%
- Revised Vacation and Time Policy – 8%
- Staff Review 2017 – 7%
- Urgent Press Release to All Staff – 5%
- Deactivation of (email) in Process – 4%
- Please Read: Important from HR – 2%
Do any of these look familiar? If you see any emails with subjects like these in your inbox, be very cautious.
The following are additional “in-the-wild” email subject lines to stay vigilant about.
- IT DESK: Security Alert Reported on Campus
- IT DESK: Campus Emergency Scare
- IT DESK: Security Concern on Campus Earlier
- Amazon: Billing Address Mismatch
- Password Review
- Urgent Security Event: Your account details were found online
- Wells Fargo: New device detected
- GasBuddy: Major car recall announced today
- CNN: Facebook-Cambridge Analytica Apology Tour
Phishing email red flags
What are some things to look out for when examining an email that just smells “phishy?”
- Bogus email address
Is something misspelled (the sender name and/or the domain)? If so, the email may very well be a phishing scam.
- Email attachments
Always be wary of attachments, especially in unsolicited emails. When in doubt, don’t open them and ask your IT department or managed security provider for assistance and advice.
- Hyperlinks
Check those hyperlinks before clicking. If something looks suspicious, try searching for that link in a search engine. If that search results page is full of warnings and complaints about phishing, then there you go. If the message looks somewhat legit, you can manually go to the company’s website directly or call them and inquire about the message.
- Password change request
An email asking for personal information or account credentials should almost always be avoided, even if the sender appears to be someone you know. Look for red flags in the email. You can also contact the person or company directly and ask about the request.
- Poor grammar
A hallmark of phishing emails is the presence of grammatical errors. Misspelled words, incorrect tenses, and just overall stilted language can be huge signs of a phishing attempt, as the senders are often not native speakers of the language they are writing in.
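The Unicode-cloaked web addresses mentioned earlier and the misspelled sender domains and suspicious hyperlinks in the list above can all be checked mechanically. The following is an added example, not code from the original post: the `TRUSTED` list, the function names and the sample addresses are assumptions made up for illustration. It treats the last two labels of a host as its domain, which is a simplification.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumption: domains the organisation really exchanges mail with (constructed list).
TRUSTED = {"aol.com", "ups.com", "amazon.com", "wellsfargo.com"}

def host_of(value):
    """Accept a URL or a sender address and return the lower-cased host part."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip("<> ").lower()

def to_unicode(host):
    """Decode punycode (xn--) labels so the real characters can be inspected."""
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already contains non-ASCII characters, or is malformed

def scripts(host):
    """Scripts of the letters in a host, taken from the Unicode character names."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in host if c.isalpha()}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[-1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(value):
    """Return the reasons the host in a link or sender address looks suspect."""
    host = to_unicode(host_of(value))
    domain = ".".join(host.split(".")[-2:])   # simplification: no public-suffix list
    flags = []
    if not host.isascii():
        flags.append("non-ascii")             # travels as an xn-- name on the wire
    if len(scripts(host)) > 1:
        flags.append("mixed-script")          # e.g. a Cyrillic letter among Latin ones
    if domain not in TRUSTED:
        near = [t for t in TRUSTED if 0 < edit_distance(domain, t) <= 2]
        if near:
            flags.append("lookalike:" + sorted(near)[0])
    return flags
```

Short brand names produce false positives with an edit-distance threshold of 2, so a flag from this check is a prompt for a closer look rather than a verdict.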
Ready to fight back against phishing and other cyberattacks?
Phishing and other forms of cybercrime are not going anywhere any time soon, unfortunately. Businesses and organizations large and small must take steps to protect their privacy and their data.
There is no magic IT security product that will block every threat to your network. As such, it’s vital to have layers of security for the best possible defensive stance.
InCare is a nationally recognized IT provider serving businesses, local government, hospitals and clinics, and schools in Alabama, Mississippi, and surrounding areas. Our techs have kept our clients safe with our suite of security products and services, such as InDefend, enhanced network protection at the DNS level.
Contact us for a free phishing and security consultation, or fill out the form below and one of our IT security experts will get back to you promptly.