Top Keywords Used in Phishing Email Subject Lines

September 13, 2021

Cybersecurity company Expel released a report last week identifying the top keywords used in the subject lines of phishing attempts.

Expel explained that employees will have to exercise extreme caution over the seemingly mundane emails they receive.

They further revealed that the top three subject lines in phishing attempts are “RE: INVOICE,” “Missing Inv ####; From [Legitimate Business Name] and “INV####.”

Expel went on to explain that “generic business terminology doesn’t immediately stand out as suspicious and maximizes relevance to the most potential recipients by blending in with legitimate emails, which presents challenges for security technology.”

In addition, subject lines indicating newness are often used in phishing attempts, with examples such as “New Message from ####, “New Scanned Fax Doc-Delivery for ####” and “New FaxTransmission from ####.”

The cybersecurity company further explained that these legitimate messages and notifications often use the term “new” to “raise the recipient’s interest,” adding that “people are drawn to new things in their inbox, wanting to make sure they don’t miss something important.”

Subject lines indicating further action requirements are also common phishing methods, according to Expel, with wording focusing on expiration notifications for emails and passwords, as well as verification requirements.

Other commonly used subject lines of phishing attempts include blank subject lines, file / data sharing language, service and form requests, action requests, and eFax angles.

For more information, view the original story from TechRepublic.

Top Stories

Related Articles

June 9, 2026 Hackers exploited Meta’s AI-powered support chatbot to gain control of Instagram accounts, including several high-profile profiles. Meta more...

June 5, 2026 Security researchers have disclosed a new denial-of-service attack called HTTP/2 Bomb that can overwhelm major web servers more...

May 20, 2026 The Cybersecurity and Infrastructure Security Agency, the arm of the U.S. government tasked with protecting critical infrastructure more...

May 11, 2026 Instructure has restored access to its Canvas learning platform after a cyberattack disrupted service for universities and more...

Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.
Picture of TND News Desk

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.

Share:
Facebook
Twitter
LinkedIn