The Most Common Email Keywords That Everyone Should Know to Avoid Phishing Scams

The Most Common Email Keywords That Everyone Should Know to Avoid Phishing Scams

Photo: Bloomicon (Shutterstock)

Email phishing scams are in no way new, but with people living so much of their lives online during the ongoing COVID-19 pandemic, there are increased opportunities for it to happen. In fact, 2020 saw a 25% increase in the number of phishing sites compared to 2019.

One of the ways people can decrease their chances of being scammed is paying close attention to the emails they receive (or at least the ones they’re considering opening). To help pinpoint what to look for, Expel analyzed 10,000 malicious emails, and released a report on the most common keywords found in the subject lines of phishing emails. Here’s what to know.

Understanding scammers’ tactics

Expel’s report found that scammers use a combination of three strategies to get people to interact with their emails:

Imitating legitimate business activitiesCreating a sense of urgencyPrompting the recipient to act

“Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion—urgency or fear of loss are the most common,” Ben Brigida, the director of SOC Operations at Expel told TechRepublic. “The actions are as simple as ‘go to this site’ or ‘open this file,’ but the attacker wants you to be moving too fast to stop and question if it’s legitimate.”

Most common keywords used in subject lines of phishing emails

The full report provides additional details and examples of how and why these keywords are used in phishing email subject lines. For now, here’s a quick rundown of some that should be approached with extra caution:

Invoice

Examples of real subject lines:

RE: INVOICEMissing Inv ####; From [Legitimate Business Name]INV####

New

Examples of real subject lines:

New Message from ####New Scanned Fax Doc-Delivery for ####New FaxTransmission from ####

Message

Examples of real subject lines:

Message From ####You have a New MessageTelephone Message for ####

Required

Examples of real subject lines:

Verification Required!Action Required: Expiration Notice on [business email address][Action Required] Password ExpireAttention Required. Support ID: ####

[Blank subject]

According to the report, “blank subject lines generally evade automated security measures—security tech can’t scan for phishing or spam keywords if there aren’t any.”

G/O Media may get a commission

File

Examples of real subject lines:

You have a Google Drive File Shared[Name] sent you some filesFile- ####[Business Name] Sales Project Files and Request for Quote

Request

Examples of real subject lines:

[Business Name] SALES PROJECT FILES AND REQUEST FOR QUOTE[Business Name] – W-9 Form RequestYour Service Request ####Request Notification: ####

Action

Examples of real subject lines:

Action Required: Expiration Notice on [business email address]Action Required: [Date]Action Required: Review Message sent on [Date][Action Required] Password Expire

Document

Examples of real subject lines:

File Document ####[Name], You have received a new document in [Company system][Name] shared a document with you

Verification

Examples of real subject line:

Verification Required!

eFax

Examples of real subject lines:

eFax from ID: ####eFax® message from “[phone number]” – 2 page(s), Caller-ID: +[phone number]

VM

Examples of real subject lines:

VM from [phone number] to Ext. ### on Tuesday, May 4, 2021VM From ****#### Received – for <[user name]> July 26, 2021‘”””1 VMAIL RECEIVED on Monday, June 21, 2021 3:02:55 PM””

Source Link