Have you ever looked at the subject line on an email you received and recognized immediately that the message was a scam?
A recent report from KnowBe4, a security awareness training firm, shows some of the email subject lines that scammers are using most frequently to try to trick people out of their money and/or personal information.
For its Q1 2022 top-clicked phishing report, KnowBe4says it examined tens of thousands of email subject lines from simulated phishing tests. The company says it also reviewed real emails that were reported as suspicious to IT departments.
Here are the top phishing scam email subject lines that workers in the United States need to look out for, according to KnowBe4. Note that they all seem to require some kind of action on the part of the recipient.
Look Out for These Scam Email Subject Lines
- HR: Requirements Tracking COVID-19 Vaccinations
- Password Check Required Immediately
- HR: Vacation Policy Update
- HR: Important: Dress Code Changes
- Acknowledge Your Appraisal
Of course, when it comes to emails, subject lines aren’t the only thing you need to watch for.
Money expert Clark Howard says you should always be cautious with emails that come from people or organizations you don’t know. Here’s his #1 tip to spot an email phishing scam and what you should not do when you get one.
“Phishing emails will always contain a link to a website, or a toll-free number to call. Don’t call, and never click the link — not even if it seems legitimate. Instead, go to the company’s website,” Clark says.
If you’re not sure that an email you’ve received is legitimate, do your due diligence and look up the sending company’s official website yourself. Some things to look for include:
- Contact page: See if you can find the phone number and email address of a company representative. Reputable companies typically would have this posted online.
- About Us page: Read up on the company’s business, history and other facts that would inform you.
- Look for the padlock icon in the address bar. This will indicate whether it’s a secure site or not.
And never enter your personal information into a link you received in an email.
Crooks are trying to get you to click on things that will interest you and make you want to act on them.
“It is important to remember that cybercriminals utilize various tactics such as preying on people’s emotions when executing their malicious scams,” Stu Sjouwerman, CEO of KnowBe4, says. “Remaining vigilant and adopting a heightened sense of suspicion around emails that trigger an emotional response can end up preventing a detrimental cybersecurity attack.”