Phishing emails have been around for quite some time, and for their entire existence they have gotten the better of even the most seasoned employees. What exactly contributes to their success? What kinds of subject lines go into creating a phishing email that users find to be convincing enough to actually want to click on and follow through on? Let’s take a look at a recent study that might glean some insights into this.

The folks over at Expel have issued a report revealing the most common subject lines used in phishing emails. The subject lines in question are particularly concerning, as they prompt action from the reader, meaning that users must be extremely careful to not accidentally download the wrong attachment or click on the wrong link for more information on the email.

The list of keywords they found to be most common in phishing emails were gathered from a list of 10,000 known malicious emails, with the primary theme amongst them being to instill some sense of urgency and create a reason for the user to act (an unsurprisingly similar tactic that is commonly seen in marketing emails as well).

Ben Brigida, Director and SOC of Operations at Expel, had this to say regarding the matter: “Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion – urgency or fear of loss are the most common… The actions are as simple as ‘go to this site’ or ‘open this file,’ but the attacker wants you to be moving too fast to stop and question if it’s legitimate.”

In other words, the simpler and more direct the phishing email, the better and more effective it is.

This is reflected in the keywords, many of which are designed to mimic emails sent from legitimate businesses. See below for three of the most common offenders:

• RE: INVOICE
• Missing Inv ####; From [Legitimate Business Name]
• INV####

Since the fear of missing a payment can mean many things—especially for small businesses that rely on said services in order to function—many users don’t even question these emails and will, instead, willingly click on links or download files from these types of messages to see what they have missed. And, considering how many of these types of messages might be sent out from automated systems, the use of generic terminology is not necessarily indicative of an immediate security threat.

Other examples of common phishing subject lines include words like “required,” as well as topics such as verification, file or document sharing, action requirements, and service requests. Furthermore, the flags assigned to emails when they come into your inbox, like the “new” label that appears in certain email clients, can trigger employees to impulsively click on messages without first looking at who the sender is. 

Don’t let phishing emails get the better of you; give Compudata a call at 1-855-405-8889 and learn more about how you can secure your systems and train your employees to identify and respond to these types of messages.