Strategic Group Blog

Everything you need to know about IT and technology

Written by Emily Gam
on August 07, 2017

Email phishing is still the number one infection vector and is an effective tool used by cybercriminals as they can craft and distribute enticing material to both random and targeted victims.

Phishing emails use a technique called Social Engineering which tries to manipulate, influence or deceive you into opening and clicking the email.  The most common form of social engineering is a scam email copying the ‘look and feel’ of a well-known organisation that you would be expecting to hear from, like the ATO or a utilities company such as Origin. Once you click on the link you are usually taken to a fake site where you are asked to enter personal details or your login information, or malware is installed on your computer.

Security company KnowB4 measured the amount of clicks on phishing emails with over 22,000 people falling for the social engineering tricks. Of those 22,000 who clicked on a phishing email, here are the top ten phishing email general subject lines:

  1. Security Alert - 21%
  2. Revised Vacation & Sick Time Policy - 14%
  3. UPS Label Delivery - 10%
  4. BREAKING: United Airlines Passenger Dies - 10%
  5. A Delivery Attempt was made - 10%
  6. All Employees: Update your Healthcare Info - 9%
  7. Change of Password Required Immediately - 8%
  8. Password Check Required Immediately - 7%
  9. Unusual sign-in activity - 6%
  10. Urgent Action Required - 6%

Several recent phishing campaigns targeting Australians have featured precise replicas of the imitated organisation’s brand design and competent use of English, where the typical phishing email might historically have been easier to identify thanks to spelling errors, poor grammar and inconsistent design.

If you suspect that an email you received is a phishing scam but you aren’t sure, contact the organisation. Make sure you independently search for their contact info, and don’t use the details provided in the email.

You should ensure your staff are trained and know how to spot a phishing email. Consider conducting phishing tests on your staff and holding regular training.

Free User Phishing Test

Let Us Know What You Thought about this Post.

Put your Comment Below.

You may also like:

Tips Security

What is a Disaster Recovery Plan?

A Disaster Recovery Plan, sometimes referred to as a Business Continuity Plan, is a process and set of procedures put in...

Tips Security

Cyber Security: What is whaling?

You’ve heard of phishing and how scammers use it along with social engineering tactics to get you to click on a dodgy li...

Tips Productivity

7 tips to get the most out of OneNote

OneNote is a super versatile program that comes with Microsoft Office. It allows you to take quick and easy notes and ke...