What would you expect if you got an e-mail with the subject line of “Security Alert”? How about “Unusual sign-in activity”? You probably expect it to be an e-mail that is trying to raise your awareness about some potential security issue. I’m afraid it is likely not. These are just two examples from the Top 10 Phishing Subject Lines report for Quarter 2 2017 that was release by KnowBe4 recently.
The report shows that people are clicking on e-mails with the above subjects (which could potentially be business related). However some of the other subject lines are not very “business-like” at all and people are still going into them and potentially bringing things like Ransomware into their employers networks.
- 21% Security Alert
- 14% Revised Vacation & Sick Time Policy
- 10% UPS Label Delivery 1ZBE312TNY00015011
- 10% BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO
- 10% A Delivery Attempt was made
- 9% All Employees: Update your Healthcare Info
- 8% Change of Password Required Immediately
- 7% Password Check Required Immediately
- 6% Unusual sign-in activity
- 6% Urgent Action Required
Clearly #4 above is not in anyway a business related e-mail (unless you are a United Airlines employee, obviously ?). However #3 and #5 could also be unrelated to your company’s day-to-day business.
The e-mails in the research actually made it passed any spam or malware filters that the surveyed organisations had in place, showing that technology cannot be completely relied upon to give 100% protection against the many evils on the internet. Your staff will be your last line of defence.
Of course you could avail of our Internet Security Awareness and Safety Training. This will show your staff what to watch out for and how to handle such dodgy e-mails. It will also give them a very comprehensive insight into what threats are out there and how they can prevent downtime in your business
If you don’t want to go down that road, then at least have a read of Commandment 5 of our very own Top 10 – The Ten Commandments of Cyber Security, which will give you plenty to think about in respect to handling e-mail with any type of phishing subject lines.