Going Phishing?

Going Phishing?


Here are The Most Common Email Subject Lines to Be Wary Of

There’s a good chance there's a phishing scam lurking in someone’s email you know right now. Phishing emails are getting tougher to block because attackers are crafting their bait to be more convincing to targets. And employees are usually quick to open potentially malicious emails, even when they know they should be on alert.

At Simplicit Technologies, as our clients Managed Service Provider, we monitor the dark web 24/7 to identify, analyze and proactively monitor any compromised or stolen employee and customer data to act before a breach occurs. We also deploy ongoing simulation and training for employees within our client organizations to further minimize security.

Typically, subject lines that seem to trigger attention from an employee which require a quick response are associated with completing a task, are personally significant to them or pose some sort of security threat the employee feels he/she should be on the lookout for.

These emails subject lines most usually fall into one of the following categories:

  • Deliveries
  • Passwords
  • Company Policies
  • Vacation
  • IT Department (in-the-wild)

According to KnowBe4, The top 10 most-clicked general email subjects in Q4 2018 were:

  1. Password Check Required Immediately/Change of Password Required Immediately 19%
  2. Your Order with Amazon.com/Your Amazon Order Receipt 16%
  3. Announcement: Change in Holiday Schedule 11%
  4. Happy Holidays! Have a drink on us. 10%
  5. Problem with the Bank Account 8%
  6. De-activation of [[email]] in Process 8%
  7. Wire Department 8%
  8. Revised Vacation & Sick Time Policy 7%
  9. Last reminder: please respond immediately 6%
  10. UPS Label Delivery 1ZBE312TNY00015011 6%

Most Common 'In the Wild' Attacks in this period were:

  1. Apple: You recently requested a password reset for your Apple ID
  2. Employee Satisfaction Survey
  3. Sharepoint: You Have Received 2 New Fax Messages
  4. Your Support Ticket is Closing
  5. Docusign: You've received a Document for Signature
  6. ZipRecruiter: ZipRecruiter Account Suspended
  7. IT System Support
  8. Amazon: Your Order Summary
  9. Office 365: Suspicious Activity Report
  10. Squarespace: Account billing failure

Of course, phishing is constantly evolving to adopt new forms and techniques so it’s still unclear what is in store for 2019. But, with the right mindset, as the decision maker of your business, it’s imperative that your team conducts security awareness training on an ongoing basis so that their employees and executives stay on top of emerging phishing attacks.

For more information on Simplicit Technologies’ Employee Cyber Security Training, fill out this form or call us directly 800-245-5210.