Phishing emails are often a tactic frequently leveraged by cybercriminals to fool you into opening fraudulent messages that might eventually infect your computer or put your identity at risk. Well, a recent study out by the cybersecurity company Barracuda, spotted by ZDNet, has now exposed some of the most common phishing email subject lines used to exploit businesses.
In an examination of 360,000 emails over three months, the researchers at Barracuda discovered that the number one phishing email subject line is “request.” Coming in second is “follow up,” and in third is “urgent/important.” Some of the other popular phishing subject lines used by cybercriminals also refer to banking tasks and finances. These include “payment status,” “purchase,” “invoice due,” as well as “direct deposit,” “expenses,” and “payroll.”
Other popular phishing subject lines include “are you available?” and “are you at your desk,” as well as “Re:.” Most of these subject lines bring up a sense of urgency and try to grab your attention right away and fool you into clicking the email without thinking first. Some cybercriminals also go as far to make it seem like these phishing messages come from within an organization.
There have been several high-profile hacks in recent times which were, in part, led by phishing emails. This includes “Ryuk” which is a malware finds its origins in payroll-themed phishing emails. In 2018, Russians were also found to be specifically targeting both U.S. and European email accounts with the “Cannon” malware.
In order to avoid being tricked by phishing emails — or have your computer infected by the viruses often attached inside — there are several practices which you can follow. You should never open emails from suspicious addresses, and you should never use the macro function in Microsoft Word. You also should ensure that your antivirus software is up to date and that you’re running the latest and fully patched version of Windows or MacOS. Also, be sure to check out our list of the best free antivirus software, if you don’t have one.
Another great practice is to enable multi-factor-authentication to verify your logins for important accounts. Google has a quiz which can help educate you on how to spot phishing messages and avoid becoming a victim of cyber crimes. We also have a guide on creating the best passwords, and a guide to phishing which explains the tactic in full detail.
