Work-related email subjects are favoured by cybercriminals employing phishing techniques ever since the ongoing pandemic forced employees to work from home.
While we can’t deny that this is a smart move, it also poses a risk to businesses as communication is slower and employees often have to wait for advice from their IT team.
As such emails with subjects such as, “You have been added to a team in Microsoft Teams” could illicit a click where they might not have before.
In its Q4 2020 top-clicked phishing report, KnowBe4 reports that while work related email subjects are a concern, subject lines regarding social media are increasingly being used cybercriminals.
The most popular social media platform being impersonated during the quarter was LinkedIn which accounted for 47 percent of phishing emails.
The most clicked subject lines for the quarter from KnowBe4 phishing tests were:
- Password Check Required Immediately
- Touch base on meeting next week
- Vacation Policy Update
- COVID-19 Remote Work Policy Update
- Important: Dress Code Changes
- Scheduled Server Maintenance — No Internet Access
- De-activation of [[email]] in process
- Please review the leave law requirements
- You have been added to a team in Microsoft Teams
- Company Policy Notification: COVID-19 – Test & Trace Guidelines
The list above includes both simulated emails used by KnowBe4 for custom phishing tests and templates created by customers.
What we’re interested in however are the “in-the-wild” subject lines that customers reported to KnowBe4 or that were reported to IT teams.
These are the email subject lines you should be cautious of:
- IT: Annual Asset Inventory
- Changes to your health benefits
- Twitter: Security alert: new or unusual Twitter login
- Amazon: Action Required | Your Amazon Prime Membership has been declined
- Zoom: Scheduled Meeting Error
- Google Pay: Payment sent
- Stimulus Cancellation Request Approved
- Microsoft 365: Action needed: update the address for your Xbox Game Pass for Console subscription
- RingCentral is coming!
- Workday: Reminder: Important Security Upgrade Required
While you should be cautious of any email coming from outside your organisation, the emails above could have dire consequences when opened.
In the case of the emails above, our advice is to go directly to the website the email claims to be from rather than clicking links. Cybercriminals are able to mimic real websites very easily and you could be logging into Twitter though you’re more than likely providing sensitive information to an unknown party.
If something looks suspicious it’s advised that you speak to your IT team and alert them to the email, especially if you opened the email and followed the link.
As a matter of interest, the subject line regarding Amazon Prime membership being declined is a regular in our spam folder. While it nearly tricked us once, we’ve since been very cautious of any emails claiming to be from any of the large tech firms. As we mentioned, it’s better to head directly to the website instead of clicking links in an email, unless you’re expecting that email.
[Image – CC 0 Pixabay]