ServiQual Blog

Established in 2014, ServiQual has over the years served numerous clients in Mauritius. Through our blog section, we want to share the knowledge and expertise acquired over the years. Enjoy the read and stay tuned for more blogs!

The Most Popular Subject Lines for Phishing Threats are Revealing

shutterstock_1165944355

Even the most cautious employee could fall victim to a well-placed and well-timed phishing email. What are some factors that contribute to the success of these attacks, and what subject lines in particular should people be cautious about? A recent study takes a look at what goes into a successful phishing attack, and you might be surprised by the results.

Expel published a report revealing the most common subject lines used in phishing emails, all of which encourage the reader to take some sort of action. This is problematic, especially for employees who don’t typically tend to think twice before downloading an attachment or clicking on a link.

Expel looked at 10,000 known malicious emails and put together a list of keywords used in phishing emails. The fact that most of them have a sense of urgency should come as no surprise, as this tactic has been used in phishing attacks since their inception. Plus, this is a tactic also utilized in marketing emails, so hackers can blur the lines a bit and create uncertainty in this way.

Ben Brigida, Director and SOC of Operations at Expel, had this to say regarding the matter: "Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion - urgency or fear of loss are the most common… The actions are as simple as 'go to this site' or 'open this file,' but the attacker wants you to be moving too fast to stop and question if it's legitimate.”

Basically, the simpler and more direct the phishing email is, the easier time a hacker has in pulling it off. This idea is reflected in the keywords. You might notice that not only are they simple, but they also mimic emails sent from legitimate businesses. Here are three of the most common ones:

  • RE: INVOICE
  • Missing Inv ####; From [Legitimate Business Name]
  • INV####

These subject lines tap into the fear that one might have of missing a payment, something which can be problematic for a small business that relies on goods or services to stay operational. Rather than take a step back and question these messages, users will simply make the payment. Plus, when you consider the sheer amount of invoices or messages sent out by automatic systems, this type of language is not necessarily a red flag.

Some other common phishing subject lines might include the words “required,” “verification required,” file sharing, action requirements, or service requests. The tags that sometimes get assigned to emails in inboxes also don’t help, as employees might see the word “new” next to a message and impulsively click on it.

If you want to take your network security seriously and stop phishing emails in their tracks, ServiQual can help. To learn more, reach out to us at +230 260 4655.

Tip of the Week: Cleaning Your Headphones
Malware That Targets Android Can Cause Major Probl...

Customer Login


News & Updates

We believe that our impact goes beyond usual business etiquette. As a responsible company in Mauritius, we care about making a positive difference for the greater good. Therefore, we are organizing our first-ever blood donation event with TNS Consume...

Contact us

Learn more about what ServiQual can do for your business.

Call us : +230 260 4650
Email us :
Help Desk : 86101

ServiQual
Ground Floor, Aptis House, INOVA Business Park , Riche Terre, Mauritius