Strategic Group Blog

Everything you need to know about IT and technology

Written by Emily Gam
on August 07, 2017

Email phishing is still the number one infection vector. It is an effective tool for cybercriminals because they can craft and distribute enticing material to both random and targeted victims.

Phishing emails use a technique called social engineering, which tries to manipulate, influence or deceive you into opening the email and clicking a link in it. The most common form of social engineering is a scam email copying the ‘look and feel’ of a well-known organisation that you would be expecting to hear from, like the ATO or a utilities company such as Origin. Once you click on the link, you are usually taken to a fake site where you are asked to enter personal details or your login information, or malware is installed on your computer.

Security company KnowBe4 measured the number of clicks on phishing emails, with over 22,000 people falling for the social engineering tricks. Of those 22,000 who clicked on a phishing email, here are the top ten general subject lines:

  1. Security Alert - 21%
  2. Revised Vacation & Sick Time Policy - 14%
  3. UPS Label Delivery - 10%
  4. BREAKING: United Airlines Passenger Dies - 10%
  5. A Delivery Attempt was made - 10%
  6. All Employees: Update your Healthcare Info - 9%
  7. Change of Password Required Immediately - 8%
  8. Password Check Required Immediately - 7%
  9. Unusual sign-in activity - 6%
  10. Urgent Action Required - 6%

Several recent phishing campaigns targeting Australians have featured precise replicas of the imitated organisation’s brand design and competent use of English. Historically, the typical phishing email might have been easier to identify thanks to spelling errors, poor grammar and inconsistent design.

If you suspect that an email you received is a phishing scam but you aren’t sure, contact the organisation. Make sure you independently search for their contact info, and don’t use the details provided in the email.

You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.
