Email is one of the favorite attack channels for cyber criminals. They use it to deliver spyware, ransomware, viruses and other kinds of malware, and to run phishing attacks. The user only needs to click the link in the email or open the attachment, and malware gets downloaded onto the user’s machine. The one thing hackers struggle with is luring the target audience into opening their emails or clicking on those malicious links. With modern email users getting smarter by the day, this task is getting tougher for them. This is where the attackers get crafty and devise interesting, attention-grabbing subject lines that make the emails look genuine and demand the reader’s urgent attention.
Here are some examples of the subject lines that cyber criminals use to get the attention of their targets.
Remember me? It’s Alex from Riverdale high:- Hackers use social media to learn about the victim. They uncover the victim’s contacts from Facebook, LinkedIn etc. and look for other people with a similar background. It could be a place where the victim lived or studied, or a friend’s friend who is not on their contact list. Sometimes they even use contact data from an already hacked account and impersonate the hacked account holder to grab the victim’s attention. Checking the sender’s email address and not opening irrelevant attachments or links is the best way to avoid an attack.
Online banking alert. Your account will be deactivated in next 2 days:- Usually, such emails have links that open web pages similar to your bank’s site. The page asks for the account number, old password, and other authentication details. This is where unsuspecting victims hand over their login credentials to the cyber criminals. Always verify the URL of the website; it should have an ‘https’. It is best to type the URL rather than click links in emails. Check the sender’s email address; if it is not from your bank’s domain, never open that email.
Failed packaged delivery:- Such emails look like they are from a courier company informing you of a failed delivery. They carry an attachment, described in the email as an airway bill or notification. Once the victim opens the attachment, a macro in the Word document runs automatically to download malware (perhaps ransomware) onto the computer. Image files are also a popular means of transferring viruses and worms. Never open an attachment unless you are sure of the identity of the sender and have also cross-verified the domain name of the sender’s email ID. Well, the best way is to stay alert: Were you expecting any delivery? Can there be any real reason that the delivery person missed you? If not, ignore the email. The real delivery service will always call you instead of sending you just an email.
Limited period offer: iPhone 7 at $1:- These emails begin with: All you need to do is share your credit card details and the phone will be shipped to you. If it’s not the iPhone, it will be some other expensive merchandise being offered at a ridiculously low price. The moment credit card details are shared on such sites, the scammers operating the website use them to make large purchases and the victim is left to foot the bill. The best defense here is not falling for such offers. Think rationally. Why would someone offer to sell something that is worth hundreds of dollars at such a steep discount? Make your inquiries before sharing your details. It is okay to miss a great offer if it means that you save yourself from a much larger scam.
These are only a sample of the subject lines used by scammers to lure the gullible into sharing their personal details. As consumers get smarter, the criminals identify more ways to craft their phishing attacks. Seqrite Endpoint Security offers plenty of security features that can scan the attachments and links in an email to identify a phishing attack and warn the user. Organizations must implement these security systems. They must also implement robust security policies for employees to follow when working with email. However, following basic security checks (such as the email ID, the domain name, the security level) and common sense will always remain the best defense against phishing.
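The basic checks described above (the sender’s domain, the ‘https’ in the URL, and where each link really points) can be run automatically over a message. The following is an added example, not part of the original article and not Seqrite’s code; the bank domain yourbank.example, the sample message and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAIN = "yourbank.example"  # assumption: the domain your bank really uses

# Constructed sample message modelled on the "online banking alert" lure.
SAMPLE = """\
From: "Your Bank Alerts" <alerts@yourbank-secure.example>
To: user@example.org
Subject: Online banking alert. Your account will be deactivated in next 2 days
Content-Type: text/plain

Dear customer, confirm your details at http://yourbank.example.login-check.example/verify
or visit https://www.yourbank.example/help
"""

def in_domain(host, domain):
    """True only if host is the domain itself or a subdomain of it.
    A substring match is not enough: 'yourbank.example.login-check.example'
    contains the bank's name but belongs to a different domain."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_message(raw, trusted_domain):
    """Return a list of findings for one raw email (plain-text body only)."""
    msg = message_from_string(raw)
    findings = []
    # Use the address, not the display name: the display name is free text.
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2]
    if not in_domain(sender_domain, trusted_domain):
        findings.append(f"sender domain '{sender_domain}' is not {trusted_domain}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        parts = urlparse(url)
        if parts.scheme != "https":
            findings.append(f"link is not https: {url}")
        if not in_domain(parts.hostname, trusted_domain):
            findings.append(f"link host '{parts.hostname}' is not {trusted_domain}: {url}")
    return findings

if __name__ == "__main__":
    for finding in check_message(SAMPLE, TRUSTED_DOMAIN):
        print("WARNING:", finding)
```

A message that passes these checks is not proven safe, since a From header can be forged; a message that fails them should not be trusted.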