When we began warning you about phishing scams years ago, they were much easier to spot. Criminals were more careless back then and would regularly send emails full of typos and bad grammar.
Fast forward to today and they’re are using sophisticated tools to spoof messages and websites that make them look real. Phishing emails now probably include official company logos that make them seem legit.
That’s just one trick to watch for. Another is a subject line that makes the email seem super urgent. In this article, we’ll share the most commonly used phishing subject lines along with ways to stay protected.
Most common phishing email subject lines
Phishing attacks don’t just target the everyday Joe. Sometimes, they go after companies and their employees in what’s known as Business Email Compromise (BEC) scams.
The FBI describes BEC as “a sophisticated scam targeting businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments. The scam is carried out by compromising legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.”
Basically, a BEC scammer attempts to trick employees into sending money transfers or handing out sensitive information, by impersonating executive email accounts. These attacks are initiated either by social engineering tricks, email spoofing or malware, targeting employees from companies across the U.S.
Cybersecurity firm Barracuda recently analyzed 360,000 phishing emails to find out subject lines that were most commonly used and successful. There seems to be a theme to common subject lines: Scammers try to create a sense of urgency.
Top subject lines in BEC attacks:
- Follow up
- Are you available?/Are you at your desk?
- Payment Status
- Invoice Due
- Direct Deposit
The simple subject line of “Request” was most commonly used, and it wasn’t close. Request was used 36% of the time, with “Follow up” coming in a distant second at 14%.
The study also showed that over 70% of attack emails tried to establish a rapport or sense of urgency. And, many subject lines make it seem the topic had been previously discussed.
If you receive an email with any of the subject lines on the list, be cautious. Keep reading for more ways to avoid falling victim to a phishing attack.
Outsmarting phishing scams
The most important rule to outsmarting phishing scams is to avoid clicking on malicious links. That means you shouldn’t click on web links or open PDF attachments found in unsolicited email messages, it could be a phishing attack. If you need to conduct business with any company, it’s always best to type its web address directly into your browser. Never trust a link that’s inside a message.
Another mistake many people make is using the same password for multiple websites. This is a terrible idea. If your credentials are stolen from one site and you use the same username and/or password on others, it’s easy for the cybercriminal to get into each account.
Also, it should go without saying, but online accounts are so much easier to break into with simple passwords. So if you’re still using password1234, stop doing this. Stop yesterday.
Then, if you do happen to receive an unsolicited email, do not send payment or reply with personal information. You don’t want it to fall into the hands of criminals.
If a company that you do business with on a regular basis emails you and asks for personal information, type the company’s official web address into your browser and go there directly to be safe. Or, give them a call using a trusted phone number like those found on the back of your debit or credit card.