The 10 Most Common & Clicked Phishing Subject Lines

Did you know that 1 out of 3 employees opens phishing emails every day? Hackers are always switching up their phishing tactics to throw us off, so many people get fooled into revealing sensitive and confidential information. If this happens in your organization, you could be robbed of your data, money and good reputation.

To help you recognize phishing emails we’ve provided the 10 email subject lines that are most commonly used and the 10 that are most often clicked. In addition to knowing these, there are other things you need to watch for to protect your business. Share the answers to these questions with your staff.

What Is Phishing?

Phishing is used by criminals to steal private information such as credit card, bank account numbers, and account usernames and passwords. They lure people into clicking links to phishing websites. When you or your staff believe a spoofed website is legitimate, you could be tricked into providing confidential information.

These emails and websites look legitimate. They may pose as your bank or credit card company asking you to login to view a transaction that you didn’t authorize. When you log in, they capture your ID and password. Then they can go to the real website and steal your money or use your credit card.

Why Has Phishing Become Such A Big Problem?

The Anti-Phishing Working Group (APWG) reports that organizations will lose an estimated $9 billion in 2018 from phishing. They report that hackers are still seeking direct financial rewards but are also stealing sensitive data to sell to other criminals on the Dark Web.

And now, phishing attacks are being perpetrated through social media as reported in “The New Face of Phishing:”

“Attackers lure victims to impersonation websites by incorporating phishing URLs into posts or comments. Attackers target Facebook, LinkedIn, Twitter, Tumblr, Snapchat, Google+, Instagram and other social media users with thousands of phishing or otherwise malicious URLs {daily/monthly?}. Attackers also distribute phishing lures in text, SMS, Skype, Messenger, or other messaging services. These new attack vectors demonstrate that phishers have adapted to society’s increased mobility and today’s diversity of messaging platforms.”

The APWG’s Phishing Activity Trends Report For The 1st Quarter Of 2018 Reports:

  • The total number of phishing email detected in 1Q 2018 was 263,538. This was up 46 percent from the 180,577 in 4Q 2017. It was also significantly more than the 190,942 seen in 3Q 2017.
  • At the end of 2016, less than five percent of phishing sites were found on HTTPS infrastructure. By the second quarter of 2018, however, more than a third of phishing attacks were hosted on Web sites that had HTTPS and SSL certificates.
  • Phishers are taking advantage of unclear security messaging. A significant number of HTTPS phish are hosted on domains that are registered by the phishers themselves. the general public’s misunderstanding of the meaning of the HTTPS designation and the confusing labelling of HTTPS Web sites within browsers are the primary drivers of why they have quickly become a popular preference of phishers to host phishing sites.

As you can see, phishers are finding new and successful ways of tricking people.

What Industries Are Phishers Targeting?

The APWG saw increases in phishing that targeted SAAS (Software as a Service) and webmail providers, along with file hosting/sharing sites. Phishing against payment services and banks is still a problem. The most-targeted industry sectors in the 1st quarter of 2018 were:

  • Payment Services 39.4%
  • SaaS/Webmail Services 18.7%
  • Financial Institutions 14.2%
  • Cloud Storage/File Hosting 11.3%
  • Other Industries 16.4%

What Are The 10 Most Common Phishing Subject Lines Q2 2018?

  1. Password Check Required Immediately (15 percent).
  2. Security Alert (12 percent).
  3. Change of Password Required Immediately (11 percent).
  4. A Delivery Attempt was made (10 percent).
  5. Urgent press release to all employees (10 percent).
  6. De-activation of [[email]] in Process (10 percent).
  7. Revised Vacation & Sick Time Policy (9 percent).
  8. UPS Label Delivery, 1ZBE312TNY00015011 (9 percent).
  9. Staff Review 2017 (7 percent).
  10. Company Policies-Updates to our Fraternization Policy (7 percent).

What Are The 10 Most-Clicked Email Subject Lines for Q2 2018?

1. Password Check Required Immediately 15%

2. Security Alert 12%

3. Change of Password Required Immediately 11%

4. A Delivery Attempt was made 10%

5. Urgent press release to all employees 10%

6. De-activation of [[email]] in Process 10%

7. Revised Vacation & Sick Time Policy 9%

8. UPS Label Delivery, 1ZBE312TNY00015011 9%

9. Staff Review 2017 7%

10. Company Policies-Updates to our Fraternization Policy 7%

What Can You And Your Staff Do to Avoid Being Victimized By Phishing?

  • Don’t click buttons or links in emails.
  • Use a password manager to create complex passwords and encrypt them.
  • Don’t use browser-based password manager extensions. They are risky and have the potential to reveal your credentials if you visit a malicious website.
  • Don’t trust the little green lock icon in your web address bar. Hackers can get HTTPS certificates as easily as a real site.
  • Use two-factor verification whenever it’s available. This provides an extra layer of security and will require another form of identification via an email or text message.
  • If you detect a suspicious email, tell your boss and colleagues immediately. The faster your IT service company can respond to a threat, the less damage the hacker can inflict.

We know that this is a lot to think about. If you have any questions, please contact the team at Rafiki Technologies Inc. (RTI) in Calgary AB.

If you found this article interesting, there are many more on our Blog that you should check out. Here are a few samples of what you’ll find:

It’s Cyber Security Awareness Month…Are You Prepared?

When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It can be easy to think that just because you’ve recently bought some new hardware, or updated your security software, or simply the fact that it’s been a while since you had to deal with a major issue. Don’t let that give you false confidence.

New Gift Card Scam Hits Just In Time For The Holidays

There’s a new Gift Card scam going around that has already cost consumers lots of money, frustration, and headaches. Here’s how it works. You’ll get an email from a friend or relative asking you to go buy them a gift card. The email will say that your friend or relative has been busy or sick and unable to get to the store. Once you get the card for them, they’ll ask you to take a quick photo of the gift card code on the back and send it to them. Once you do this, they can cash out the gift card and you lose your money. It happens just that quickly.

The New Windows 10 Release and the Features It Will Be Dropping

Microsoft makes it clear that with each fresh release of Windows 10 there will be new features added – and some features that will be dropped. Here is what you need to know about the features that Microsoft is dropping or stopping development for, and what the alternatives are, for the October 2018 release.

Scroll to Top