Firewalls, anti-virus, VPN, encryption are all cybersecurity terms you may have heard over the past few years, but what good are they if a hacker gains access to your network through an employee? Phishing has become one of the most dangerous methods used to gain entry into a network. Cyber criminals are aware of how often people are using email and have devised clever ways to try and fool someone into doing their work for them.
Barracuda Networks analyzed 360,000 phishing emails over a three-month period and identified the 12 most common subject lines that were used. According to Barracuda’s spear phishing report, here are the top subject lines being used:
- Follow up
- Are you available?/Are you at your desk?
- Payment Status
- Invoice Due
- Direct Deposit
You may have seen one or two of these before, or even get legitimate emails from people within your organization using these subject lines. Their goal is to seem simple enough and familiar enough that you will take action. It can be especially convincing when receiving an email that would appear to be from a superior requesting action.
No one wants to be the reason an invoice wasn’t paid, or worse yet, not be able to collect their own paycheck because there was something else that needed to be done. Hackers have found ways to pose as people within your organization, and if you are not careful it could fool you too.
Should you ever encounter an email with one of these subject lines or a suspicious email it is always better to check directly with the sender especially if there are financial transactions requested to ensure they really did ask. Always keep an eye out for suspicious links and hover over any linked text to see what the link really leads to before clicking.
Make Sure Your Team Knows How to Spot Phishing
People are always going to be targets for these phishing attacks. Preparing your team with knowledge is the best defense you have against stopping phishing emails in their tracks.
Sign up for our Phishing Defender solution to take advantage of our employee awareness training program, which includes a complimentary phishing test to see if anyone on team could fall for a spoofed email.