Groups Similar Look up By Text Browse About

Similar articles
Article Id Title Prob Score Similar Compare
215636 TECHREPUBLIC 2021-9-9:
The top keywords used in phishing email subject lines
1.000 Find similar Compare side-by-side
215616 ZDNET 2021-9-9:
Phishing attacks: One in three suspect emails reported by employees really are malicious
0.812 0.611 Find similar Compare side-by-side
215457 ARSTECHNICA 2021-9-7:
Microsoft Outlook shows real person’s contact info for IDN phishing emails
0.035 0.414 Find similar Compare side-by-side
215529 ZDNET 2021-9-7:
Watch out for digital Hurricane Ida scams: SEC
0.413 Find similar Compare side-by-side
215668 TECHREPUBLIC 2021-9-9:
Malicious office documents: The latest trend in cybercriminal exploitation
0.378 Find similar Compare side-by-side
216056 TECHREPUBLIC 2021-9-13:
Protect your endpoints with top EDR software
0.345 Find similar Compare side-by-side
215783 TECHREPUBLIC 2021-9-9:
WFH is a cybersecurity "ticking time bomb," according to a new report
0.334 Find similar Compare side-by-side
215720 ZDNET 2021-9-10:
US military reservist lands himself prison sentence for operating romance scams
0.332 Find similar Compare side-by-side
215782 ZDNET 2021-9-9:
91% of IT teams have felt 'forced' to trade security for business operations
0.332 Find similar Compare side-by-side
215704 THEVERGE 2021-9-9:
Vape receipts help DOJ nab man who allegedly botnetted thousands of passwords
0.330 Find similar Compare side-by-side
215781 TECHREPUBLIC 2021-9-8:
Enhancing cybersecurity skills for the entire workforce must be a priority for cyber-resilience
0.323 Find similar Compare side-by-side
215522 TECHREPUBLIC 2021-9-6:
Cybersecurity: Watch out for these unique fraudster tricks Loki would be proud of
0.317 Find similar Compare side-by-side
215997 TECHREPUBLIC 2021-9-13:
IoT device attacks double in the first half of 2021, and remote work may shoulder some of the blame
0.308 Find similar Compare side-by-side
215654 VENTUREBEAT 2021-9-8:
How organizations can improve security operations
0.301 Find similar Compare side-by-side
216052 TECHREPUBLIC 2021-9-13:
5 ways to better prepare your organization for a ransomware attack
0.298 Find similar Compare side-by-side
215988 VENTUREBEAT 2021-9-11:
Only 8% of orgs with web apps for file uploads have adequate cybersecurity
0.295 Find similar Compare side-by-side
215661 VENTUREBEAT 2021-9-9:
IT teams face employee resistance to security controls
0.294 Find similar Compare side-by-side
215588 ZDNET 2021-9-6:
This is the perfect ransomware victim, according to cybercriminals
0.288 Find similar Compare side-by-side
215648 TECHREPUBLIC 2021-9-10:
Remote cybersecurity concerns and labor shortages are front and center in a new small business report
0.288 Find similar Compare side-by-side
216037 TECHREPUBLIC 2021-9-10:
Your voiceprint could be your new password as companies look to increase security for remote workers
0.286 Find similar Compare side-by-side
215991 VENTUREBEAT 2021-9-11:
Computer vision and deep learning provide new ways to detect cyber threats
0.285 Find similar Compare side-by-side
215649 ZDNET 2021-9-10:
IT leaders facing backlash from remote workers over cybersecurity measures: HP study
0.281 Find similar Compare side-by-side
215633 ZDNET 2021-9-10:
HAProxy urges users to update after HTTP request smuggling vulnerability found
0.275 Find similar Compare side-by-side
215484 ARSTECHNICA 2021-9-7:
ProtonMail removed “we do not keep any IP logs” from its privacy policy
0.272 Find similar Compare side-by-side
215587 ZDNET 2021-9-6:
Cybersecurity is tough work, so beware of burnout
0.271 Find similar Compare side-by-side


ID: 215636


Date: 2021-09-09

The top keywords used in phishing email subject lines

In recent months, hacking groups have brought critical aspects of U.S. infrastructure to a halt, and phishing is a popular tool in cybercriminal's seemingly ever-expanding armamentarium of attack methods. On Wednesday, Expel released a report, highlighting the top keywords used in phishing attempt subject lines. Based on the findings, employees may need to be particularly wary of the seemingly innocuous emails in their inboxes. "Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion - urgency or fear of loss are the most common," said Ben Brigida, director, SOC Operations, at Expel. "The actions are as simple as 'go to this site' or 'open this file,' but the attacker wants you to be moving too fast to stop and question if it's legitimate." Security incident response policy (TechRepublic Premium). To determine this list of keywords, Expel looked at 10,000 malicious emails. In a blog post about the findings, Expel said the keywords in these subject lines target one or multiple themes in an effort to "make recipients interact with the content. " These themes include "imitating legitimate business activities, generating a "sense of urgency" and cueing the "recipient to act." Some of the top listed phishing keywords are designed to imitate legitimate business invoices.  In order, the top three such subject lines include "RE: INVOICE," "Missing Inv ####; From [Legitimate Business Name] and "INV####." To add context to these phishing attempts disguised as standard invoices, Expel said that "generic business terminology doesn't immediately stand out as suspicious and maximizes relevance to the most potential recipients by blending in with legitimate emails, which presents challenges for security technology." Per Expel, subject lines highlighting newness are frequently used in phishing attempts with examples including "New Message from ####, "New Scanned Fax Doc-Delivery for ####" and "New FaxTransmission from ####." Adding context to this roundup of "new" subject lines, Expel said legit communications and alerts regularly use the term "new" to "raise the recipient's interest," adding that "people are drawn to new things in their inbox, wanting to make sure they don't miss something important." Best practices and security tips (free PDF).   (TechRepublic). Subject lines highlighting new messages and further actions requirements are also popular phishing methods, according to Expel, with phrasing focused on expiration notices for emails and passwords, verification requirements and others. " Keywords that promote action or a sense of urgency are favorites among attackers because they prompt people to click without taking as much time to think. "Required" also targets employees' sense of responsibility to urge them to quickly take action," the post said. Other top phishing attempt subject lines include blank subject lines, file/document sharing language, service and form requests, action requirements and eFax angles. On average organizations will face more than 700 social engineering cyberattacks annually and 10% of the targeted attacks are business email compromises (BEC), according to a July Barracuda Networks report; among social engineering attacks analyzed by company researchers, phishing represented 49%. Interestingly, a person's role at a company may play a role in their risk of being targeted by cybercriminals. For example, Barracuda Networks determined that IT professionals receive an average of 40 targeted phishing attacks annually and this number jumps to 57 for CEOs. Brigida said the subject line action is "ideally" a task the email recipient does in their day-to-day job so that the "request feels familiar or routine." "If a user is in finance, they may fall for an invoice-themed phish. If they are in recruiting, they may fall for a resume-themed phish," Brigida said. "The job of an attacker is to trick the user into doing what they want, evading security detection tools in the process by blending in with typical business activities. " Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays