"Password Check Required Immediately" – most effective phishing line
Social engineering works because it exploits human traits, such as the urge to act on alarm or to feel needed, that a machine would not fall for. A new study of the most effective phishing lures shows that, ironically, subject lines about security are the ones most likely to trick users into handling their credentials insecurely.
"By playing into a person's psyche to either feel wanted or alarmed, hackers continue to use email as a successful entry point for an attack," according to KnowBe4, which deals with security awareness and simulated phishing.
The firm compiled user data from simulated phishing tests and from real-world emails that savvy users reported to their IT departments. The lures most likely to succeed exploit users' concern for security: message bodies and subject lines that prompt them to enter their passwords.
After examining tens of thousands of subject lines, including some "in-the-wild" emails, researchers compiled the following "Top 10 Most-Clicked General Email Subject Lines Globally for Q2 2018" (frequency percentage in parentheses):
- Password Check Required Immediately (15%)
- Security Alert (12%)
- Change of Password Required Immediately (11%)
- A Delivery Attempt was made (10%)
- Urgent press release to all employees (10%)
- De-activation of [[email]] in Process (10%)
- Revised Vacation & Sick Time Policy (9%)
- UPS Label Delivery, 1ZBE312TNY00015011 (9%)
- Staff Review 2017 (7%)
- Company Policies-Updates to our Fraternization Policy (7%)
Much of the power of these subject lines lies in their close resemblance to legitimate corporate email, which makes it hard for an unwary employee to tell real from fake.
When investigating emails “in-the-wild” exclusively, researchers found the following subject lines as the most common for the second quarter of 2018:
- Microsoft: Re: Important Email Backup Failed
- Microsoft/Office 365: Re: Clutter Highlight
- Wells Fargo: Your Wells Fargo contact information has been updated
- Chase: Fraudulent Activity On Your Checking Account – Act Now
- Office 365: Change Your Password Immediately
- Amazon: We tried to deliver your package today
- Amazon: Refund – Valid Billing Information Needed
- T: Ransomware Scan
- Docusign: Your Docusign account is suspended
- You have a secure message
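As an added illustration, and not code from the original article or from KnowBe4's methodology, the following Python scores a subject line by the lure themes that recur in both lists above (urgency, a credential ask, a security scare, a delivery notice, an HR policy update) and flags a named brand whose sender domain does not match the one the brand actually mails from. The keyword lists, the brand-to-domain table, the weights and the sample messages are all constructed assumptions for this example; a real mail filter would take the sender data from its platform's verified-sender records.

```python
import re
from typing import NamedTuple, Optional

# Lure themes seen across the subject lines above. The keyword lists are
# constructed for this example, not KnowBe4's scoring rules.
THEMES = {
    "urgency":    r"immediately|urgent|act now|suspended|de-?activation|in process",
    "credential": r"password|account|sign[- ]?in|log[- ]?in|verify|billing information",
    "security":   r"security alert|fraudulent|ransomware|backup failed",
    "delivery":   r"delivery|deliver(?:ed)?|package|label",
    "policy":     r"policy|policies|staff review|press release",
}
THEME_RE = {name: re.compile(rf"\b(?:{pat})\b", re.I) for name, pat in THEMES.items()}

# Brands named in the in-the-wild list, mapped to domains they legitimately
# send from. This table is an assumption for the example.
BRAND_DOMAINS = {
    "microsoft":   ("microsoft.com",),
    "office 365":  ("microsoft.com",),
    "amazon":      ("amazon.com",),
    "wells fargo": ("wellsfargo.com",),
    "chase":       ("chase.com",),
    "docusign":    ("docusign.net", "docusign.com"),
    "ups":         ("ups.com",),
}


class Verdict(NamedTuple):
    score: int
    themes: tuple
    brand_mismatch: bool


def _domain_matches(sender_domain: str, allowed: tuple) -> bool:
    """True when the sender domain is one of the allowed domains or a subdomain of one."""
    d = sender_domain.lower()
    return any(d == a or d.endswith("." + a) for a in allowed)


def score_subject(subject: str, sender_domain: Optional[str] = None) -> Verdict:
    """Score one subject line: one point per lure theme, two extra when urgency
    and a credential ask appear together (the combination that tops the list),
    and two extra when a named brand does not match the sender's domain."""
    themes = tuple(name for name, rx in THEME_RE.items() if rx.search(subject))
    score = len(themes)
    if "urgency" in themes and "credential" in themes:
        score += 2
    mismatch = False
    if sender_domain:
        for brand, allowed in BRAND_DOMAINS.items():
            if re.search(rf"\b{re.escape(brand)}\b", subject, re.I) and not _domain_matches(sender_domain, allowed):
                mismatch = True
                break
    if mismatch:
        score += 2
    return Verdict(score, themes, mismatch)


def rank_subjects(messages):
    """Return (score, subject, sender_domain) tuples, riskiest first."""
    ranked = [(score_subject(s, d).score, s, d) for s, d in messages]
    return sorted(ranked, key=lambda t: t[0], reverse=True)


# Constructed sample: lures drawn from the lists above with made-up sender
# domains, plus two ordinary business messages for contrast.
SAMPLES = [
    ("Password Check Required Immediately", "it-helpdesk.example"),
    ("Chase: Fraudulent Activity On Your Checking Account - Act Now", "secure-chase.example"),
    ("UPS Label Delivery, 1ZBE312TNY00015011", "ups.com"),
    ("Revised Vacation & Sick Time Policy", "corp.example"),
    ("Lunch menu for Thursday", "corp.example"),
    ("Re: Q2 budget spreadsheet", "corp.example"),
]

if __name__ == "__main__":
    for score, subject, domain in rank_subjects(SAMPLES):
        print(f"{score:2d}  {subject!r}  from {domain}")
```

The point of the brand check is the one the article makes about resemblance: "UPS Label Delivery" from ups.com scores as a routine notice, while the same subject from an unrelated domain is flagged. A heuristic like this only triages; a subject line alone never proves a message is a phish, and legitimate HR mail about a policy update will always score above zero.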
Employees are often regarded as a company's first line of defense, and for good reason: all it takes is one worker's endpoint infected with a self-propagating (wormable) piece of malware for attackers to work their way into the company's infrastructure. This is why security awareness training is a must-have in today's corporate environment. Training reduces how often a lure succeeds; pairing it with multi-factor authentication limits what a stolen password is worth when one does.
Of course, the same advice applies when you use your home computer or smartphone for personal affairs. Remember: phishing doesn’t discriminate.