Phishing Scam Subject Line Red Flags

Email phishing scams are on the rise—and even more prevalent through the holiday season. One way to effectively combat these attacks is to recognize that suspicious emails start with suspicious subject lines. However, whether subject lines look suspicious depends on the awareness of the user.

Email Phishing Scams

Even simple social engineering attacks, such as phishing scams, can be difficult to spot. Earlier this year, a malicious JavaScript file was sent out disguised as a harmless-looking image file. This effective campaign used a series of numbers and letters with an image file extension as the subject line. To an untrained eye, this subject line was an effective ruse, tricking users into opening the attachment. To a trained user, however, the subject line was a red flag to alert IT that a phishing email had arrived.

Top-5 Suspicious Subject Lines

Through training, common phishing subject lines are more easily recognized. McAfee provides these top-5 suspicious email subject lines:

  1. Invitation to connect on LinkedIn
  2. Mail delivery failed: returning message to sender
  3. Dear <insert bank name here> Customer
  4. Comunicazione importante
  5. Undelivered Mail Returned to Sender

Training Is the Most Effective Tool

Training is the most effective way to enable your staff to catch red-flag subject lines. Although the McAfee list highlights the most commonly employed subject lines, it’s crucial that people recognize that many variations and alternative subject lines are also successful lures.

To be sure your staff stays vigilant and aware, consider ongoing training. At Security Pursuit, we offer live training and eLearning courses to arm your company with the knowledge necessary to protect your data. “Social engineering prevention begins with training staff to identify the telltale signs of a social engineering attack.”

Bright Red Flag

Suspicious subject lines can be a bright red flag alerting your employees to a dangerous phishing scam. Give them the tools to recognize the attack before they delve deeper into the message and into hot water.