Phishing Email Subject Lines
A Guide To Common Phishing Email Subjects
With COVID-19 and associated restrictions remaining prevalent, many malicious actors have used the opportunity to update their phishing email campaigns. The article linked below explains some of the ways malicious actors try and trick people into giving up their information or even into installing malware.
The article states that many of the emails will use subject lines like coronavirus, work reopening, rescheduled meetings, stimulus payments, and new vacation policies. Malicious actors also craft themed emails to look like popular social media sites like Facebook and LinkedIn.
For LinkedIn they noticed subject lines "You appeared in new searches this week," "People are looking at your LinkedIn profile," "Please add me to your LinkedIn Network," and "LinkedIn Password Reset."
Facebook sees phishing emails using subject lines like "Your Friend Tagged a Photo of You" and "Your friend tagged you in photos on Facebook." Phishing campaigns from Twitter were said to try and entice people with subject lines similar to "Someone has sent you a Direct Message on Twitter."
Other subjects included "A login alert for Chrome on Motorola Moto X," "New voice message at 1:23AM," and "55th Anniversary and Free Pizza". The article also describes some general subjects to look out for:
Password Check Required Immediately
Vacation Policy Update
Branch/Corporate Reopening Schedule
COVID-19 Awareness
Coronavirus Stimulus Checks
List of Rescheduled Meetings Due to COVID-19
Confidential Information on COVID-19
COVID-19 - Now airborne, Increased community transmission
Fedex Tracking
Your meeting attendees are waiting
According to the article, the most common subject lines within phishing emails found “in-the-wild” in the last quarter were:
Microsoft: Abnormal log in activity on Microsoft account
Chase: Stimulus Funds
HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines
Zoom: Restriction Notice Alert
Jira: [JIRA] A task was assigned to you
HR: Vacation Policy Update
Ring: Karen has shared a Ring Video with you
Workplace: [company_name] invited you to use Workplace
IT: ATTENTION: Security Violation
Earn money working from home
At UMBC some of the most common subject lines for phishing emails seen recently have been “UMBC JOB OPPORTUNITY”, “CORNERSTONE STUDENT JOB OFFER”, “CORNERSTONE JOB OFFER”, “UMBC COVID-19 INFORMATION”, “UMBC COVID-19 PART TIME JOB OFFER” and “WORK FROM HOME.”
If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.
How do I forward full email headers?
https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970
For more information, please check out:
https://www.techrepublic.com/article/watch-out-for-these-subject-lines-in-email-phishing-attacks/
Posted: July 22, 2020, 2:45 PM