Year over year, email phishing scams have grown in frequency, but 2020 saw the number of malicious emails and sites increase by over 25%. The easiest way to decrease the likelihood of falling for a phishing scam is to pay attention to the emails you receive and take the time to question whether each one is from a legitimate source. To avoid falling prey, it helps to understand the tactics scammers use:

  • Imitating legitimate business activities 
  • Creating a sense of urgency 
  • Prompting the recipient to act 

The goal of the scammers is to trick people into giving up their credentials by making the email look like it came from a legitimate source and forcing a prompt action before you look too closely at the email.

The most common keywords fall into eleven basic categories, most of which you will recognize: invoice, new, message, required, blank subject, file, request, action, document, verification, eFax, and voicemail.

Below are real-world examples of subject lines in each category.

Invoice 

  1. RE:INVOICE 
  2. Missing Invoice ####, from a legitimate business name 
  3. Invoice ### 

New 

  1. New Message from ####, usually a legitimate source or business name 
  2. New scanned fax doc-delivery for 
  3. New fax transmission from ####, usually a legitimate source or business name 

Message 

  1. Message from ####, usually a legitimate source or business name 
  2. You have a new message 
  3. Telephone message for #### 

Required 

  1. Verification required! 
  2. Action Required: Expiration notice on (email address) 
  3. [Action Required] Password expire 

Blank Subject 

Blank subject lines can generally evade automated security measures, because there are no common keywords for the software to scan.

File 

  1. You have a Google drive file shared 
  2. (Name) sent you some files—can be someone you know or in your organization 
  3. File-#### 
  4. (Business Name) Sales project files and request for quote 

Request 

  1. (Legitimate Business Name) Sales Project files and request for quote 
  2. (Legitimate Business Name) W-9 Form request 
  3. Your service request #### 
  4. Request notification #### 

Action 

  1. Action required: Expiration Notice on (legitimate business email address) 
  2. Action required: (Date) 
  3. Action required: Review message sent on (date) 
  4. Action required password expired 

Verification 

  1. Verification required! 

eFax 

  1. eFax from ID: #### 
  2. eFax® message from “phone number”—2 page(s), Caller-ID: 

Voicemail 

  1. VM from ########### to Ext. ###### on date 
  2. VM from ########## received for username on date 
  3. Vmail received on Monday, #### ##### 

Recognizing the keywords is the first step in protecting yourself and your company from phishing emails. If you are unsure whether an email is legitimate, contact the supposed sender via another form of communication or have your IT department verify its legitimacy.
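The keyword categories listed above can be turned into a simple subject-line triage check that also catches the blank-subject case. This is an added example, not HubWise code: the regular expressions, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Category names come from the article; the regexes are this example's assumption.
CATEGORIES = {
    "invoice": r"\binvoice\b",
    "new": r"\bnew\b",
    "message": r"\bmessage\b",
    "required": r"\brequired\b",
    "file": r"\bfiles?\b",
    "request": r"\brequest\b",
    "action": r"\baction\b",
    "document": r"\bdocument\b",
    "verification": r"\bverification\b",
    "efax": r"\be-?fax\b",
    "voicemail": r"\b(?:vm|vmail|voicemail)\b",
}
PATTERNS = {name: re.compile(rx, re.IGNORECASE) for name, rx in CATEGORIES.items()}


def decoded_subject(raw_message: str) -> str:
    """Return the Subject with RFC 2047 encoded-words decoded and whitespace collapsed."""
    msg = message_from_string(raw_message)
    raw = str(msg.get("Subject", ""))
    return " ".join(str(make_header(decode_header(raw))).split())


def classify(raw_message: str) -> list[str]:
    """List the article's categories that the message's subject line falls into."""
    subject = decoded_subject(raw_message)
    if not subject:  # missing or empty Subject header
        return ["blank subject"]
    return [name for name, rx in PATTERNS.items() if rx.search(subject)]


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: a@example.com\nSubject: RE:INVOICE\n\nbody",
    "From: b@example.com\nSubject: =?UTF-8?B?VmVyaWZpY2F0aW9uIHJlcXVpcmVkIQ==?=\n\nbody",
    "From: c@example.com\nSubject:\n\nbody",
    "From: d@example.com\nSubject: VM from 5550100 to Ext. 204 on Monday\n\nbody",
    "From: e@example.com\nSubject: Lunch on Friday?\n\nbody",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(repr(decoded_subject(raw)), "->", classify(raw))
```

A match is a reason to look more closely at the sender and links, not proof of phishing, since legitimate mail uses the same words. Decoding the header first matters because an encoded subject would otherwise hide its keywords from a plain text search.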

At HubWise Technology, we believe an educated customer is a safer customer. Education is not the only way that we protect against phishing scammers; we also deploy HubWise Armor, our security solution, which includes advanced phishing protection and alerting on suspicious emails. If you would like to know more about how we protect our customers, feel free to reach out at jmoen@hubwisetech.com or via our contact form.