Dangerous Email Subject Lines

Check Out These Email Subject Lines. Would You Click on Them?

Over the past few years, we’ve all been taught to be careful not to click on suspicious looking emails, right? The problem is that cyber thieves are working very hard at coming up with new ways to trick us, and they succeed at an alarming rate. Chances are, if you received an email subject line that seemed to be a security alert from Bank of America, but you weren’t a client of theirs, you would know better than to click on it. But what if you were a BofA customer and you received that alert? Chances are pretty good you just might click away. And then compound the problem by clicking on something within the email once you opened it.

Sending out false emails with email subject lines that look real is called “phishing” and is described by Wikipedia as a “the attempt to obtain sensitive information such as user names, passwords, and credit card details (and, indirectly, money) often for malicious reasons, by disguising as a trustworthy entity in an electronic communication.”

One of the top providers of email security awareness training, KnowBe4, recently published its “Top 10 Global Phishing Email Subject Lines for Q2 2017”. While it did find that people generally were more likely to fall for subject lines relating to business, they also clicked on non-business subject lines with scary regularity.

Here are the Top 10 Phishing Subject Lines their research turned up:

• Security Alert – 21%
• Revised Vacation & Sick Time Policy – 14%
• UPS Label Delivery 1ZBE312TNY00015011 – 10%
• BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
• A Delivery Attempt was made – 10%
• All Employees: Update your Healthcare Info – 9%
• Change of Password Required Immediately – 8%
• Password Check Required Immediately – 7%
• Unusual sign-in activity – 6%
• Urgent Action Required – 6%

*Capitalization has been kept as it was found in their research.

How many of your employees would pass up reading an email that said, “Revised Sick Time & Vacation Policy”? If they do click, they can be opening up your entire IT infrastructure to all types of malware, including ransomware demands. (As a side note, your infrastructure needs to be protected from ransomware by having advanced data backup and recovery systems in place. This is critical and should be an integral part of any managed IT support program.)

On a personal level, while no-one (at least very few people) will ever again fall for the plea of a Nigerian Prince looking to hide his family’s fortune with your help, a whole lot of people will click on fake emails that look they are coming from a financial institution, or a package delivery service that they often use. (The cyber-criminal does not need to have the customer list from the bank or delivery service. They just send out millions of emails with the expectation that some small percentage of the recipients will be customers of that bank or delivery service.)

For both your business’ sake, or to protect themselves, your people should understand that banks never request personal information through email. Certainly, these emails should never be the trigger for transferring funds.

Here at DynaSis, we have been in the business of providing full service Managed I.T. Support for 25 years, and we have seen it all. In fact, we have been at the forefront of developing cyber security techniques now in use across the USA. Among these are in-house security training for the employees of our clients. In you would like to learn more about how we can secure your I.T. network, please contact us by visiting our website or call us at 678.967.3854.