8 Common Phishing Email Subject Lines to Watch Out For

By Zachary Amos, Features Editor at ReHack

Cybercriminals have become more sophisticated with phishing scams over the years. These hackers do their best to impersonate department heads, government entities, recruiters from companies and more. A primary way they try to trick people is through email. Here are eight common phishing email subject lines to watch out for. 

  1. COVID-19 

COVID-19 has taken a toll on people and industries worldwide since early 2020, and hackers have used the pandemic to exploit human vulnerabilities. Cybercriminals use phishing campaigns to get people to click on news about the virus and other compelling subject lines that interest them.

These hackers may pose as the Centers for Disease Control and Prevention (CDC) or a local health department. They may impersonate a human resources (HR) department and claim to have information on a company’s new COVID-19 policy. They can attach documents with malware to try and steal personal information.

  2. Missed Videoconference

Hackers have been taking advantage of the rise in telework since the beginning of the pandemic. Companies often use Zoom, Microsoft Teams, Skype or Google Meet to conduct videoconferences. More employees work from home and may rely on these video chats daily to communicate with co-workers, clients and supervisors. 

Receiving an email about a missed video call could make an employee panic. Hackers are known to prey on human vulnerabilities, so telling someone they forgot about a meeting makes them much more likely to click a dangerous link. The best way for workers to avoid this scam is to check the sender and keep an organized schedule of video calls and each colleague’s contact information.

  3. Urgent

One of the most common subject lines for phishing scams is “urgent.” An email claiming to be pressing or important is highly likely to be clicked on. Recipients should carefully inspect it for evidence of foul play. These emails often have grammatical errors and put too much emphasis on urgency.  

  4. Authentication Request

Another common phishing tactic hackers use is to disguise an email as an authentication request. Multifactor authentication (MFA) has become standard practice in many businesses to enhance cybersecurity. However, hackers have turned it into another phishing lure.

They may send an email telling the employee their account is compromised and they must take action to recover it. The hacker could request that someone use their cellphone to confirm their identity. Texting the authentication code may give cybercriminals the ability to change the password and lock out the worker. This problem is common with ransomware attacks, where people must pay a fee to regain control of their accounts.

  5. Payroll

An email with “payroll” in the subject line is common for phishing scams. They target workers at all levels, including the chief executive officer (CEO) and the chief financial officer (CFO). These upper-level management employees have access to confidential records, making them a target for cybercriminals trying to access banking information. 

Phishing scams can happen to anyone, so some companies implement companywide training programs to prevent these attacks. Regaining control of assets can cost time and money, so these sessions can be valuable for a business.

  6. HR: New Policies

One of the most common ways hackers get workers to fall for phishing scams is by impersonating the HR department. They may send an email with a subject line indicating new policies are arriving. Employees who see a message like this are likely to click on it because they don’t want to miss the latest updates.

Employees can help detect scams by checking the domain of the sender. The only emails that workers should trust are the ones clearly coming from inside the company. Sometimes hackers will send a message posing as HR, but it comes from a public domain, such as Gmail. Teaching employees to avoid links from unknown senders is an essential part of cybersecurity basics for a company.

  7. HR: Holidays

Another fake HR message employees should watch out for is about holidays. Hackers may send phishing emails with a subject line that appears to come from a company delivering a gift. The message could contain a link to a supposed gift card to a store or a reward for a free drink at a coffee shop.

Employees shouldn’t click these despite the temptations. Cybercriminals have become more intelligent and know how to play with human emotions. People like getting rewards for their work, so they’re more likely to click on a link if that’s what the subject line indicates.

  8. IT Software Update

It’s common for hackers to pose as someone from the information technology (IT) department. Employees trust these workers to take care of the company’s tech. Without a second thought, they may click a link from someone posing as a member of the department.

These impostors could send a notice about a necessary software update that employees must download immediately, only for employees to find the link contains a virus. One way to detect this phishing scam is to look for errors in the email. The hacker may call the department an “IT desk” instead of its actual name, the “help desk.”
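The sender-domain check and the eight subject lines above can be combined into a simple mail triage rule; the following is an added example, not part of the original article. The company domain `example.com`, the webmail list, the subject patterns and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Assumed values (not from the article): company mail domain and public webmail domains.
COMPANY_DOMAINS = {"example.com"}
PUBLIC_WEBMAIL = {"gmail.com", "outlook.com", "yahoo.com"}
# Hypothetical subject patterns, one per lure theme listed in the article.
LURES = {
    "covid-19": r"covid|coronavirus",
    "missed videoconference": r"missed .*(meeting|call|conference)",
    "urgent": r"\burgent\b",
    "authentication request": r"authenticat|verify your (account|identity)",
    "payroll": r"\bpayroll\b",
    "hr policies": r"\bhr\b.*polic|new polic",
    "hr holidays": r"holiday|gift card",
    "it software update": r"software update",
}

def sender_domain(msg):
    """Domain of the real From address, ignoring whatever the display name claims."""
    hdr = msg["From"]
    if hdr is None or not hdr.addresses:
        return ""
    return hdr.addresses[0].domain.lower()

def triage(raw):
    """Classify one raw message; returns (verdict, matched lure themes)."""
    msg = message_from_string(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))  # policy.default decodes RFC 2047 words
    themes = [name for name, pat in LURES.items() if re.search(pat, subject, re.I)]
    domain = sender_domain(msg)
    if not themes:
        return "no-lure", themes
    if domain in COMPANY_DOMAINS:
        return "internal-review", themes  # From can be forged, so review, not trust
    if domain in PUBLIC_WEBMAIL:
        return "quarantine", themes       # internal-sounding lure sent from webmail
    return "external-flag", themes

SAMPLES = [  # constructed messages, not real mail
    'From: "hr@example.com" <hr.updates@gmail.com>\nSubject: HR: New Policies\n\nSee link.',
    "From: Help Desk <helpdesk@example.com>\nSubject: Scheduled software update\n\nDetails.",
    "From: Pay <pay@vendor.example>\nSubject: =?utf-8?q?URGENT=3A_payroll_change?=\n\nOpen.",
    "From: Alice <alice@example.com>\nSubject: Lunch on Friday?\n\nHi.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

The check reads only the From header, so it complements sender-authentication results (SPF, DKIM, DMARC) and does not replace them.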

Staying Ahead of Hackers

Cybercriminals have become more intelligent with their schemes and can fool anybody, from entry-level employees to the CEO. Nobody is truly safe from hacking attempts, such as phishing emails. The best way to protect a company is to teach cybersecurity basics companywide.

As the Features Editor at ReHack, Zac Amos writes about cybersecurity, artificial intelligence, and other tech topics. He is a frequent contributor to Brilliance Security Magazine.


