Watch Out For Sneaky Phishing Subject Lines
By: Jim Stickley and Tina Davis
November 21, 2019
It’s a jungle out there in Email Land. Phishing tactics and attacks keep improving and subject lines are getting more difficult to ferret out what’s real from what’s not. Hackers make a point of knowing what email phishing subject lines work, and they’re not afraid to use them. Since 92.4% of malware is delivered via email, compelling subject lines are a huge first step for phishing campaigns. They play on our emotions, curiosity, and overall human nature. Crafty subject lines are designed to grab our attention and trick users into opening the email. Once it’s opened, it likely has attachments full of malware or links to a fake website, or both. Knowing more about hacker-favorite subject lines is a great way to avoid falling for them.
Socially engineered phishing gives hackers an “inside track” to more successful results. Hackers troll social media sites of individuals and businesses. Information like names, interests, places of work, and job titles are great subjects for getting someone’s attention. If an email subject seems more legitimate because it targets your interests specifically, don’t be surprised; it was designed that way. Corporations that continue to be spoofed or faked in emails include LinkedIn, Amazon, Google, PayPal, Dropbox, Wells Fargo, and Chase banks. Should you receive an email claiming to be from a trusted source, rather than follow the email, go to the official website by typing the URL yourself. If the company truly needs you to verify information or supply other details, you’ll be able to answer the request on the legitimate site in your account profile.
Below are just some of the shady spoof subject lines to look out for, misspellings and bad grammar included.
- Add me to your network
- New InMail Message
- Bank of ; New Notification
- Charity Donation for You
- FYI
- Review or Quick Review
- Assist Urgently
- Unauthorize login attempt
- AMAZON : Your Order no #812-4623 might ARRIVED
- Action Required: Pay your seller account balance
- Your recent Chase payment notice to
- Important: (1) NEW message from
- Wire Transfer
Being aware of just how much and what type of information you post online can save a lot of headaches and heartaches. Before you post, ask yourself if the information can be used for phishing subjects and email content. Know that hackers are trolling online, and they jump on details they can use to lure you. Giving clues or just plain TMI (Too Much Information) can be used against you, especially in an email subject line. Always remember the power to delete a message with any questionable subject line or if there is the slightest doubt about the sender is best met with a swift trip to the trash bin.