The Most Commonly Used Email Keywords to look for to Avoid Phishing Scams

The Most Commonly Used Email Keywords to look for to Avoid Phishing Scams

Year over year, email phishing scams have grown in frequency, but 2020 saw the number of malicious emails and sites increase by over 25%.  The easiest way to decrease the likelihood of falling for a phishing scam is to pay attention to the emails you receive and take the time to question if it is from a legitimate source.  To better prepare oneself to not fall prey, it is best to understand what tactics are used by scammers. 

  • Imitating legitimate business activities 
  • Creating a sense of urgency 
  • Prompting the recipient to act 

Year over year, email phishing scams have grown in frequency, but 2020 saw the number of malicious emails and sites increase by over 25%.  The easiest way to decrease the likelihood of falling for a phishing scam is to pay attention to the emails you receive and take the time to question if it is from a legitimate source.  To better prepare oneself to not fall prey, it is best to understand what tactics are used by scammers. 

  • Imitating legitimate business activities 
  • Creating a sense of urgency 
  • Prompting the recipient to act 

The goal of the scammers is to trick people into giving up their credentials by making the email look like it came from a legitimate source, and forcing a prompt action, before you look too closely at the email.   

The most common keywords fall into eleven basic categories, most you will recognize; invoice, new, message, required, blank subject, file, request, action, document, verification, eFax, and voicemail. 

Below are listed real world examples of subject lines in each category. 

Invoice 

  1. RE:INVOICE 
  2. Missing Invoice ####, from a legitimate business name 
  3. Invoice ### 

New 

  1. New Message from ####, usually a legitimate source or business name 
  2. New scanned fax doc-delivery for 
  3. New fax transmission from ####, usually a legitimate source or business name 

Message 

  1. Message from ####, usually a legitimate source or business name 
  2. You have a new message 
  3. Telephone message for #### 

Required 

  1. Verification required! 
  2. Action Required: Expiration notice on (email address) 
  3. [Action Required] Password expire 

Blank Subject 

Blank subject lines can generally avoid automated security measurements when there are not common keywords for the software to scan 

File 

  1. You have a Google drive file shared 
  2. (Name) sent you some files—can be someone you know or in your organization 
  3. File-#### 
  4. (Business Name) Sales project files and request for quote 

Request 

  1. (Legitimate Business Name) Sales Project files and request for quote 
  2. (Legitimate Business Name) W-9 Form request 
  3. Your service request #### 
  4. Request notification #### 

Action 

  1. Action required: Expiration Notice on (legitimate business email address) 
  2. Action required: (Date) 
  3. Action required: Review message sent on (date) 
  4. Action required password expired 

Verification 

  1. Verification required! 

eFax 

  1. eFax from ID: #### 
  2. eFax® message from “phone number”—2 page(s), Caller-ID: 

Voicemail 

  1. VM from ########### to Ext. ###### on date 
  2. VM from ########## received for username on date 
  3. Vmail received on Monday, #### ##### 

Recognizing the keywords is the first step in protecting yourself and company from phishing emails.  If you are unsure if an email is legitimate or not, contact the supposed sender via another form of communication or have your IT department verify its legitimacy. 

At HubWise Technology, we believe an educated customer is a safer customer.  Education is not the only way that we protect against phishing scammers; we also deploy HubWise Armor, our security solution, that includes advanced phishing protection and alerting to suspicious emails.  If you would like to know more about how we protect our customers, feel free to reach out at jmoen@hubwisetech.com. or via our contact form.

Email Security

Email Security

In our current business environment, email security has been focused on the newest threats. The threats pertaining to Covid-19 are very serious and need to be highlighted but they are not the only type of threat that needs to be emphasized.

In times of disaster, malicious actors will always try to take advantage of the situation. While all email users need to be aware of these perils, we cannot forget about other risks that are still present. There are millions of phishing and spoofing emails being sent daily that do not contain any information about the Coronavirus.

While phishing and spoofing can be used in conjunction with each other, they are both separate types of fraudulent emails meant to trick users into giving up personal information; including passwords, bank account information, and credit card numbers. Phishing is the practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, usually passwords. Spoofing disguises a communication from an unknown source as being from a known source. Both acts are not only used maliciously through email, but can be utilized as fake websites, phone calls or text messages.

Email Phishing

There are millions of phishing emails that are sent globally everyday. They make up 90% of all cyber attacks by volume. Some are poorly done, the Nigerian Prince, while some take an expert to tell the difference between a legitimate and fake email. The most common form of phishing emails are mocked-up templates informing users that their Microsoft, Apple or Facebook accounts have been locked out. They usually contain a link to click which will immediately reset your password, and by only entering your current user name and password this issue can be quickly fixed. The key to this type of scam, is they urge the recipient to quick action. They succeed by minimizing the amount of time users spend thinking about the legitimacy of the request with their call to action. The top ten most common companies that are used in phishing emails are;

  • Microsoft
  • PayPal
  • FaceBook
  • Netflix
  • Bank of America
  • Apple
  • CIBC
  • Amazon
  • DHL
  • DocuSign

If you receive an email asking for your passwords, first, stop and think. Never follow an unprompted e-mail link to reset your password. If you think there might be an issue with your password, access your mobile or desktop application, and establish if you can access it normally. If you can, more than likely you have been phished. If you have put in your sign in information, immediately change your passwords.

Email Spoofing

Spoofing is a less common form of malicious email attack, but if done well, hackers can easily trick an unsuspecting receiver into giving up personal information. The most common is an attempt by the malicious party to trick their target into giving up their credit card numbers, Social Security Numbers or bank account information. They accomplish this by tricking the target in believing the email has been sent from a trusted source; their bank, coworker or insurance company. For example, the accounting department may get an email from what they think is the CFO asking to purchase gift cards for clients. After they are purchased, they will be asked to scan and email the information. At this point, the bad actor has successfully scammed their intended target, and received untraceable funds. If you receive an email, asking for personal information, money, account numbers, etc, always verify that it is a legitimate request. This can be done by simply picking up the phone and calling the requester at a phone number that you already possess not any that are listed on the potentially spoofed email.

How Is Your Organization’s Email Security?

While in these trying times, we need to be extra cautious, especially with the newer digital threats that revolve around Covid-19, we still can not ignore other forms of cyberattacks. If you are interested in learning more about how to prevent phishing, spoofing and other cyberattacks, please reach out to HubWise Technology, jmoen@hubwisetech.com or at (402)339-7441.