2 min read

"Password Check Required Immediately" – most effective phishing line

Filip TRUȚĂ

July 27, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
"Password Check Required Immediately" – most effective phishing line

Leveraging a key human trait that machines would not fall for, cybercriminals can easily manipulate or fool humans using social engineering tactics. A new study on the most effective phishing scams shows that, ironically, the subject lines relating to security are most likely to trick users into handling their credentials insecurely.

“By playing into a person”s psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack,” according to KnowBe4, which deals with security awareness and simulated phishing.

The firm compiled user data based on simulated phishing tests and real-world emails that savvy users reported to their IT reps. They found that criminals can best hack into a user”s accounts by playing to their commitment to security, using message bodies and subject lines that prompt users to enter their passwords.

After examining tens of thousands of subject lines, including some “in-the-wild” emails, researchers compiled the following “Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018” (frequency percentage in brackets):

  1. Password Check Required Immediately (15%)
  2. Security Alert (12%)
  3. Change of Password Required Immediately (11%)
  4. A Delivery Attempt was made (10%)
  5. Urgent press release to all employees (10%)
  6. De-activation of [[email]] in Process (10%)
  7. Revised Vacation & Sick Time Policy (9%)
  8. UPS Label Delivery, 1ZBE312TNY00015011 (9%)
  9. Staff Review 2017 (7%)
  10. Company Policies-Updates to our Fraternization Policy (7%)

The power of some of these subject lines is their close resemblance to legitimate corporate emails that makes it hard for unwary employees to tell the difference between real and fake.

When investigating emails “in-the-wild” exclusively, researchers found the following subject lines as the most common for the second quarter of 2018:

  • Microsoft: Re: Important Email Backup Failed
  • Microsoft/Office 365: Re: Clutter Highlight
  • Wells Fargo: Your Wells Fargo contact information has been updated
  • Chase: Fraudulent Activity On Your Checking Account – Act Now
  • Office 365: Change Your Password Immediately
  • Amazon: We tried to deliver your package today
  • Amazon: Refund – Valid Billing Information Needed
  • T: Ransomware Scan
  • Docusign: Your Docusign account is suspended
  • You have a secure message

Employees are often regarded as a company”s first line of defense, and for good reason too: all it takes is one worker”s endpoint to get infected with a wormable piece of malware for hackers to make their way into the company”s infrastructure. This strengthens the notion that staff training is a must-have in today”s corporate environments.

Of course, the same advice applies when you use your home computer or smartphone for personal affairs. Remember: phishing doesn’t discriminate.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials Iranian Threat Actor Deployed Malicious PowerShell Script through Phishing, Then Stole Files and Credentials
Silviu STAHIE

November 26, 2021

1 min read
Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group Ukraine Arrests Five iPhone Hackers of the Phoenix International Hacking Group
Filip TRUȚĂ

November 26, 2021

1 min read
Couple arrested for secretly installing cryptomining software on department store PCs Couple arrested for secretly installing cryptomining software on department store PCs
Graham CLULEY

November 26, 2021

1 min read