Cybersecurity experts have revealed a list of the 12 most common subject lines in phishing emails targeting businesses.
No email security solution is 100% effective. Hackers put a lot of effort into developing attacks that circumvent email protection and end up in users’ inboxes. Cybersecurity company Barracuda conducted an investigation over a three month period and analysed 360,000 phishing emails. They found that, in many cases, the language contained in the subject line of the email mimicked popular terms in the workplace. This makes the recipient think that the email is urgent and requires an immediate response. It is assumed the employee is more likely to open and respond to an email from a work colleague or their boss, rather than a message from a stranger.
From their analysis, Barracuda compiled a list of the 12 most common phishing emails received by employees. The list shows that fraudsters are using a combination of personalisation and pressure to deceive victims. The 12 top subject lines are based around the following key phrases:
- Follow up
- Are you available? / Are you at your desk?
- Payment Status
- Invoice Due
- Direct Deposit
This report follows a warning from the government, who say small businesses should train up their own cyber security champions. A recent report by the Department for Digital, Culture, Media and Sport and the National Cyber Security Centre claimed that in the case of more than half (57%) of businesses who had suffered a recent breach, the incident had first been spotted by staff rather than by software. As a result, the report is calling for smaller firms to train more staff as specialists in how to identify and stop attacks from hackers. According to the research, the average cyber-attack on a small business costs £900.
Clare Gardiner, director of engagement at the NCSC spoke to Action Fraud: “Identifying a ‘cyber security champion’ in your company is a great way to help avoid a damaging cyber-attack or data breach on your business. They don’t need to be a technical expert, as we offer some great free advice in the Small Business Guide. It is important to pick the right person – for example, someone who is good at motivating staff – and give them the tools and support to raise awareness and implement good cyber security measures. We’re encouraging all small businesses to use the new financial year to have a #CyberSpringClean and get staff involved with protecting the business against hackers.”
Action Fraud offers the following advice on how you can protect yourself:
- Don’t click on the links or attachments in suspicious emails and never respond to messages that ask for your personal or financial details
- Don’t assume an email is authentic, even if someone knows your basic details (such as your name or address). Remember criminals can spoof email addresses to appear as companies you know and trust
- Every Report Matters – if you have been a victim of fraud, report online or by calling 0300 123 2040.