Email phishing attacks remain a go-to tool for bad actors everywhere. Many reasons for this include responding to an email in a rush, not being suspicious enough, clicking through an email link rather than going directly to a known site, and more.
A recent ZD Net article reports the 12 most common email subject line openers sent to businesses in phishing attacks. Barracuda Networks analyzed over 360,000 known phishing emails to identify common themes and subject lines. The result
of this analysis found the most common opener in the subject line was, “Request.”
The preferred ploy is to create a sense of immediacy in the recipient. Words like Request, Urgent, and Follow-up along with attempts to make the email look like it is coming from a colleague or boss are the most common model. People are busy. They process dozens, if not hundreds, of emails every day. Slipping a phishing email into this mix is productive because people often react without thinking, as already mentioned.
Here are the 12 most common openers Barracuda Networks identified:
- Are you available? / Are you at your desk?
- Payment Status
- Invoice Due
- Direct Deposit
Social engineering or manipulation is growing in importance to hackers. Where in the past they might use ransomware and hijack a PC until a ransom is paid, getting people to give up sensitive information on their own is more effective. It is also cheaper and harder to detect. The individual giving up the information may not realize the mistake for some time.
Why is social manipulation this effective? Because people act according to their human nature. They don’t want to look bad. A request for follow-up is acted upon to look like a team player. A request for payment is responded to so as not to incur extra expenses or look bad to a supervisor.
The best way to avoid phishing attacks is to slow down and take a few seconds to look at an email before responding. Is the request legitimate? Is it from a properly configured email address? Does the email display logos and corporate information correctly? Are the grammar and terminology correct? Is it anything you are expecting or working on? Yes, a few seconds are precious in every busy day, but it pays to use a little extra time and avoid getting reeled in by a phishing attack.
We advise people to never click through a link embedded in an email unless absolutely sure of the sender and source. We also recommend never providing sensitive financial or corporate information via email unless you know the request is legitimate.
We are in the business of protecting data so when you do want to send sensitive, corporate, or personal information, you can do so free from worry that it will be intercepted and decoded. Our end-to-encryption solutions are designed to make decryption so difficult as to make the effort unattractive and unprofitable to the bad actors.
When you use the CRIP.TO unique blend of hardware and software, you have the highest level of encryption available outside of military and government agencies. Check out our solutions and see what we can do to secure your data. In the meantime, be careful of phishing attempts by taking a little more time when an email prompting urgent response hits your inbox.