Phishing is still the number one tactic used by malicious actors to collect passwords and other information. Phishing works because the attacker is able to create an email that is believable and looks realistic. The best ones appear to come from a customer, supplier, coworker or other trusted source, and the content makes sense for your business or personal life. The most successful way to prevent phishing from ruining your day is to learn how to spot common phishing approaches.
Security company KnowBe4 recently published an article and infographic illustrating the most popular email and social network subject lines that they have seen over the last quarter of 2018. Here is their list, with a few suggestions of my own thrown in for good measure.
Phishing Email Subjects
- You requested a reset to your Apple ID
- Employee satisfaction survey
- Sharepoint: new fax messages
- Your support ticket is closing
- ZipRecruiter account suspended
- Docusign document needs your signature
- IT system support
- Office365 suspicious activity
- Squarespace billing failure
- Password check or change required
- Amazon order or receipt
- Change in holiday schedule
- Have a coffee, pizza, sandwich on us
- Problem with your bank account
- Invoice, payment demand or wire-transfer request
- Deactivation of or other problem with your email account
- Revised vacation or sick time policy
- Final notice – please respond immediately
- UPS or FedEx delivery notice or problem
Social Network Phishing Subjects
- LinkedIn – "profile views", "new endorsements", "join my network" and "add me" emails were the most common, and LinkedIn was the most frequently spoofed social network.
- Facebook – password change and primary email change
- Pizza – free pizza offers
- Login alert on Chrome
- New voicemail message
- You were tagged in a photo
- Your password was reset
- Secure your account now!
- You have a new unread message
These are examples of current phishing subjects being sent out by the bad guys. Vigilance is the most important skill you can develop, and it is always better to check first and avoid regret later. Call the sender to confirm, or forward suspicious messages to your help desk or computer support department.