September 13, 2021

Cybersecurity company Expel released a report last week identifying the top keywords used in the subject lines of phishing attempts.

Expel explained that employees will have to exercise extreme caution over the seemingly mundane emails they receive.

They further revealed that the top three subject lines in phishing attempts are “RE: INVOICE,” “Missing Inv ####; From [Legitimate Business Name] and “INV####.”

Expel went on to explain that “generic business terminology doesn’t immediately stand out as suspicious and maximizes relevance to the most potential recipients by blending in with legitimate emails, which presents challenges for security technology.”

In addition, subject lines indicating newness are often used in phishing attempts, with examples such as “New Message from ####, “New Scanned Fax Doc-Delivery for ####” and “New FaxTransmission from ####.”

The cybersecurity company further explained that these legitimate messages and notifications often use the term “new” to “raise the recipient’s interest,” adding that “people are drawn to new things in their inbox, wanting to make sure they don’t miss something important.”

Subject lines indicating further action requirements are also common phishing methods, according to Expel, with wording focusing on expiration notifications for emails and passwords, as well as verification requirements.

Other commonly used subject lines of phishing attempts include blank subject lines, file / data sharing language, service and form requests, action requests, and eFax angles.

For more information, view the original story from TechRepublic.