Did you know that 1 out of 3 employees opens phishing emails every day? Hackers are always switching up their phishing tactics to throw us off, so many people get fooled into revealing sensitive and confidential information. If this happens in your organization, you could be robbed of your data, money and a good reputation.

To help you recognize phishing emails, we’ve provided the ten email subject lines that are most commonly used and the ten that are most often clicked. In addition to knowing these, there are other things you need to watch for to protect your business. Share the answers to these questions with your staff.

What Is Phishing?

Phishing is used by criminals to steal private information such as credit card and bank account numbers, and account usernames and passwords. They lure people into clicking links to phishing websites. When you or your staff believe a spoofed website is legitimate, you could be tricked into providing confidential information.

These emails and websites look legitimate. They may pose as your bank or credit card company asking you to log in to view a transaction that you didn’t authorize. When you log in, they capture your ID and password. Then they can go to the real website and steal your money or use your credit card.

Why Has Phishing Become Such A Big Problem?

The Anti-Phishing Working Group (APWG) reports that organizations will lose an estimated $9 billion in 2018 from phishing. They indicate that hackers are still seeking direct financial rewards but are also stealing sensitive data to sell to other criminals on the Dark Web.

And now, phishing attacks are being perpetrated through social media, as reported in “The New Face of Phishing”:

“Attackers lure victims to impersonation websites by incorporating phishing URLs into posts or comments. Attackers target Facebook, LinkedIn, Twitter, Tumblr, Snapchat, Google+, Instagram and other social media users with thousands of phishing or otherwise malicious URLs. Attackers also distribute phishing lures in the text, SMS, Skype, Messenger, or other messaging services. These new attack vectors demonstrate that phishers have adapted to society’s increased mobility and today’s diversity of messaging platforms.”

The APWG’s Phishing Activity Trends Report For The 1st Quarter Of 2018 Reports:

  • The total number of phishing emails detected in 1Q 2018 was 263,538. This was up 46 percent from the 180,577 in 4Q 2017. It was also significantly more than the 190,942 seen in 3Q 2017.
  • At the end of 2016, less than five percent of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, however, more than a third of phishing attacks were hosted on Web sites that had HTTPS and SSL certificates.
  • Phishers are taking advantage of unclear security messaging. A significant number of HTTPS phish are hosted on domains that are registered by the phishers themselves. The general public’s misunderstanding of what the HTTPS designation means, and the confusing labeling of HTTPS Web sites within browsers, are the primary reasons HTTPS sites have quickly become phishers’ preferred place to host phishing pages.

As you can see, phishers are finding new and successful ways of tricking people.

What Industries Are Phishers Targeting?

The APWG saw increases in phishing that targeted SaaS (Software as a Service) and webmail providers, along with file hosting/sharing sites. Phishing against payment services and banks is still a problem. The most-targeted industry sectors in the 1st quarter of 2018 were:

  • Payment Services 39.4%
  • SaaS/Webmail Services 18.7%
  • Financial Institutions 14.2%
  • Cloud Storage/File Hosting 11.3%
  • Other Industries 16.4%

What Are The 10 Most Common Phishing Subject Lines for Q2 2018?

  1. Password Check Required Immediately (15 percent).
  2. Security Alert (12 percent).
  3. Change of Password Required Immediately (11 percent).
  4. A Delivery Attempt was made (10 percent).
  5. Urgent press release to all employees (10 percent).
  6. De-activation of [[email]] in Process (10 percent).
  7. Revised Vacation & Sick Time Policy (9 percent).
  8. UPS Label Delivery, 1ZBE312TNY00015011 (9 percent).
  9. Staff Review 2017 (7 percent).
  10. Company Policies-Updates to our Fraternization Policy (7 percent).

What Are The 10 Most-Clicked Email Subject Lines for Q2 2018?

  1. Password Check Required Immediately (15 percent).
  2. Security Alert (12 percent).
  3. Change of Password Required Immediately (11 percent).
  4. A Delivery Attempt was made (10 percent).
  5. Urgent press release to all employees (10 percent).
  6. De-activation of [[email]] in Process (10 percent).
  7. Revised Vacation & Sick Time Policy (9 percent).
  8. UPS Label Delivery, 1ZBE312TNY00015011 (9 percent).
  9. Staff Review 2017 (7 percent).
  10. Company Policies-Updates to our Fraternization Policy (7 percent).
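
One way to turn the two subject-line lists above into a mail-triage check, as an added example that is not part of the original article. The function names and sample subjects are hypothetical, and the patterns assume that "[[email]]" stands for the recipient's address and that the tracking number and year change per message.

```python
import re
import unicodedata

# The ten subject lines listed above, as regexes over a normalized subject.
# Assumptions of this example: "[[email]]" stands for the recipient address,
# and the tracking number and year vary from message to message.
LURE_PATTERNS = [
    r"password check required immediately",
    r"security alert",
    r"change of password required immediately",
    r"a delivery attempt was made",
    r"urgent press release to all employees",
    r"de-activation of \S+@\S+ in process",
    r"revised vacation (?:&|and) sick time policy",
    r"ups label delivery,? 1z[0-9a-z]{16}",
    r"staff review \d{4}",
    r"company policies ?- ?updates to our fraternization policy",
]
# Whole-subject match (plus trailing punctuation) so that a longer, ordinary
# subject that merely contains "security alert" is not flagged.
LURES = [re.compile(rf"(?:{p})[\s.!]*") for p in LURE_PATTERNS]

# Reply/forward markers and bracketed gateway tags such as "[EXTERNAL]".
PREFIX = re.compile(r"^(?:(?:re|fw|fwd)\s*:\s*|\[[^\]]*\]\s*)+")

def normalize(subject):
    """Fold case and Unicode width, drop prefixes, collapse whitespace."""
    s = unicodedata.normalize("NFKC", subject).casefold().strip()
    s = PREFIX.sub("", s)
    return re.sub(r"\s+", " ", s).strip()

def match_lure(subject):
    """Return the pattern the subject matches, or None."""
    s = normalize(subject)
    for pattern, rx in zip(LURE_PATTERNS, LURES):
        if rx.fullmatch(s):
            return pattern
    return None

def triage(subjects):
    """Return (subject, pattern) pairs for subjects worth a second look."""
    return [(s, p) for s in subjects if (p := match_lure(s)) is not None]

# Constructed sample subjects, not taken from real mail.
SAMPLE = [
    "RE: Password Check Required Immediately",
    "[EXTERNAL] Fwd:  UPS Label Delivery, 1ZBE312TNY00015011",
    "De-activation of jane.doe@example.com in Process",
    "Weekly security alert digest for your team",
    "Lunch menu for Friday",
]
```

A match is a reason to route the message for review, not a verdict: the list covers one quarter's wording, and a reworded subject will not match.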

What Can You And Your Staff Do to Avoid Being Victimized By Phishing?

  • Don’t click buttons or links in emails.
  • Use a password manager to create complex passwords and encrypt them.
  • Don’t use browser-based password manager extensions. They are risky and have the potential to reveal your credentials if you visit a malicious website.
  • Don’t trust the little green lock icon in your web address bar. Hackers can get HTTPS certificates as quickly as a real site.
  • Use two-factor verification whenever it’s available. This provides an extra layer of security and will require another form of identification via an email or text message.
  • If you detect a suspicious email, tell your boss and colleagues immediately. The faster your IT service company can respond to a threat, the less damage the hacker can inflict.

We know that this is a lot to think about. If you have any questions, please contact our team at (408) 849-4441 or send us an email at info@veltecnetworks.com.

Duleep Pillai | Published on December 12, 2018
