How to Identify a Phishing Email

When It Comes to Phishing, Email Subjects Are “Red Herrings”

Unfortunately, email phishing and other types of cybercrime have gone up significantly during the Coronavirus pandemic. The surge in working from home has left many organizations vulnerable to hackers. Suddenly, millions of people now access their company networks over their home WiFi connections. Hackers capitalize on the new opportunities that the pandemic has presented.

Has your organization been phished? We hope not. Just in case, here are some things to watch out for if you want to stay protected.

Heads up: we are indulging in some phishing puns in this post, so you’ve been warned.

Social Media as “Bait”

Fake social media emails, especially those from LinkedIn (or supposedly from LinkedIn), make especially enticing phishing lures. The most-opened fake emails in recent phishing tests had subject lines like these:

  1. Please add me to your LinkedIn Network
  2. LinkedIn Password Reset
  3. Your friend tagged a photo of you
  4. People are looking at your LinkedIn profile
  5. You appeared in new searches this week!
  6. Someone has sent you a Direct Message on Twitter

Pro tip: If you receive a social media email that looks interesting, do not open the email and click the links inside it; instead, log in to your account directly to see what the message is about. When in doubt, go to the source. Never follow links in social media emails.

Top Clicked Phishing Tests

Top 5 General Email Subjects Hackers Use to “Worm” Their Way Into Your Networks

In addition to the social media angle, hackers get creative with other subjects. In recent phishing simulations, these general email subjects were clicked most often:

  1. Password Check Required Immediately
  2. Vacation Policy Update
  3. Branch/Corporate Reopening Schedule
  4. COVID-19 Awareness
  5. Coronavirus Stimulus Checks

Understandably, organization members want to be more security-minded than ever. Unfortunately, hackers are tuned into this desire and know how to exploit it by raising questions and alarms about security. Hackers are also hip to current events, and Coronavirus/COVID-19 subject lines are current phishing favorites.

Pro tip: Always be wary of emails coming from untrusted sources, especially if they include links and/or attachments.

“Scale” Back the Risk: Additional Subject Lines to Watch Out For

We want you to stay extra safe. Here are a few more phishing email subject lines that tested well (from the hacker’s perspective, meaning they were clicked often) in recent phishing simulations:

  1. Microsoft: Abnormal log in activity on Microsoft Account
  2. Chase: Stimulus Funds
  3. Zoom: Restriction Notice Alert
  4. IT: ATTENTION: Security Violation
  5. Earn money working from home

Again, hackers keep up with current events, and they know how to use Coronavirus-related and work-from-home-related topics and concerns to “worm” their way in.

Pro tip: Share this infographic from our security training partner, KnowBe4, with your organization.

How to Make Hackers “Walk the Plankton”

To truly protect your organization, all staffers need to be aware of the risks and remain vigilant. At Xlingshot, we provide our clients with comprehensive Security Awareness Training, including a company risk assessment, online training that can be completed anywhere with an internet connection, refresher training, phishing simulations to identify additional risks, and regular reporting that shows the company’s results with the program.

Xlingshot customers have seen great results. Here is a snapshot of the phishing-prevention impact before training, after 90 days, and after 12 months of our Security Awareness Training program:

Customer     Industry             Phish Prone % prior to training   Phish Prone % after 90 days of training   Phish Prone % after 12 months of training
Customer A   Business Services    35.8%                             14.2%                                     3.6%
Customer B   Consulting           31.5%                             11.1%                                     5.9%

Contact us today to find out more about how we can help you and your staff protect your company’s networks, email, and data.