2019 Top 10 General Email Subjects via KnowBe4
Change of Password Required Immediately
Microsoft/Office 365: De-activation of Email in Process
Password Check Required Immediately
HR: Employees Raises
Dropbox: Document Shared With You
IT: Scheduled Server Maintenance – No Internet Access
Office 365: Change Your Password Immediately
Avertissement des RH au sujet de l’usage des ordinateurs personnels
Airbnb: New device login
Slack: Password Reset for Account
A threat actor or group obtain login access to a social media account, typically changing the password to ensure the account’s real owner can no longer access it. Account takeover is usually achieved by tricking a user into giving up their login credentials, often using a fake website (a.k.a. phishing site) that resembles the login page for the relevant social platform.
“Action Required” Attack MS Outlook
The message arrives with a subject line that says something like, “Action Required: [email_address] information is outdated—You must revalidate your account.” The message includes a link that is generally hosted on a legitimate although hacked website to bypass reputation-based email filtering systems. This is a trick to get you to disclose your Office 365 login credentials. This could be the first step in a multiphase attack, providing the attacker with all they need to begin conducting lateral attacks within your organization using the compromised Office 365 account.
Attacker imitates a popular brand by replicating the same website. A malicious form is ready to harvest personal and payment information.
Business Email Compromise
An exploit in which the attacker gains access to a corporate email account and spoofs the owner's identity to defraud the company or its employees, customers or partners of money.
Takes advantage of legitimate messages that the victim may have already received and create a malicious version of it. The attack creates a virtual replica of a legitimate message and sends the message from an email address that looks legitimate.
Common tactic used in social media phishing, and is often used to gain access to legitimate social media accounts for the purpose of impersonation or info gathering. So-called “password reuse attacks” are also common, where compromised credentials are used to gain access to other accounts like, for example, a user’s workplace email account.
By far the most common type of phishing attack in which scammers attempt to replicate a legitimate company’s email correspondence and prompt victims into handing over information or credentials. Often, they are creating a sense of urgency to make people act quickly and without checking.
Email that appears to be from a genuine website and prompts the victim to log in. Then, this information is logged by the attacker and used to log in to the victim’s Dropbox. This often gives them the ability to access private files and photos as well as to take the account hostage.
Evil Twin Phishing
Wi-Fi hotspots that look legitimate. Attackers will even use the set service identifier (SSID) which is the same as the real network. When end-users connect, the attacker can then eavesdrop on their network traffic and steal their account names, passwords, and view any attachments that the user accesses while connected to the compromised hotspot.
Even if a link has a name you recognize somewhere in it, it doesn't mean it links to the real organization. Roll your mouse over the link and see if it matches what appears in the email. If there is a discrepency, don't click on the link. Also, websites where it is safe to enter personal information begin with "https" — the "s" stands for secure. If you don't see "https" do not proceed.
Phishing emails are usually sent in large batches. To save time, Internet criminals use generic names like "First Generic Bank Customer" so they don't have to type all recipients' names out and send emails one-by-one. If you don't see your name, be suspicious.
Google Docs Phishing
Phishers spoof a legitimate-looking log in prompt to trick their victims into handing over their passwords. Through Google Docs, the attackers can then get into files, videos, documents, spreadsheet and whatever else is stored there.
Messages are sent out over an extremely short time span. Some hailstorm attacks end just as the anti-spam tools catch on and update the filters to block future messages, but the attackers have already moved on to the next campaign.
Creation of fake accounts that appear (and claim) to be official accounts for an individual or organization. These accounts are often created on social platforms where the victim is not active, making them more difficult to identify and report.
Like with email-based phishing, targeted social media phishing attacks generally require an element of research on the part of the attacker. Since organizations and individuals routinely make a great deal of information publicly available via social media, threat actors often research their targets using these platforms and use any information they acquire to craft highly convincing spear-phishing campaigns.
Instant Messaging Attack IM
Similar to email attacks, links are delivered via instant messaging versus email. They work much like email attacks, where malware is launched when you click on a hyperlink that then links through to a malicious website. The malware can be spread through your IM chat sessions.
In this scam, the attacker attempts to lure you with an email stating that you have an outstanding invoice from a known vendor or company and provides a link for you to access and pay your invoice. When you access the site, the attacker is poised to steal your personal information and funds.
Longlining attacks are mass customized phishing messages that are typically engineered to look like they are only arriving in small quantities, mimicking targeted attacks. Attackers leverage approaches used by mass marketing campaigners to generate millions of dissimilar messages. They do this with mail-generating code and infrastructure that can rotate email content, subject lines, sender IP addresses, sender email accounts, and URLs. This means that for every organization no more than 10-50 emails will look alike, enabling the malicious emails to fly under the radar of all spam and content scanning systems.
An attack that uses Domain Name System (DNS) cache poisoning. The attacker changes the IP address associated with a website name and redirects it to a malicious website.
Indicates the practice of presenting oneself as someone else to obtain private information. Usually, attackers create a fake identity and use it to manipulate the receipt of information.
An attack that holds the infected computer hostage until the victims pay up. Unfortunately, many people that fall prey to this kind of attack also pay the ransom to get their files released, thereby contributing to the chance that this attack will happen again.
Requests Personal Information
The point of sending phishing email is to trick you into providing your personal information. If you receive an email requesting your personal information, it is probably a phishing attempt.
Search Engine Phishing
Some phishing scams involve search engines where you are directed to product sites that may offer low-cost products or services. If you enter your credit card information to purchase a product, your information is collected by the phishing site. There are many fake bank websites offering credit cards or loans at a low rate, but they are actually phishing sites.
Sense of Urgency
Internet criminals want you to provide your personal information now. They do this by making you think something has happened that requires you to act fast. The faster they get your information, the faster they can move on to another victim.
Shared File Attack
In a shared-file attack, you receive a file-sharing notification in an email message from a common name, such as “John” or “Julie.” You know someone named John or Julie, don’t you? You’re then redirected to a fake OneDrive login page where the phisher then harvests your account credentials. You assume you’ve been logged out. The phisher is counting on you to sleepwalk through your use of Office 365. That way, you won’t question what’s happening.
An attacker attempts to trick people into believing that they’ve won a contest, but the less obvious ones pose as banks and credit card companies. They will then attempt to get the person’s information either by a link in the text or a prompt to call a number.
Attackers push out messages via multiple domains and IP addresses. Each IP address sends out a low volume of messages, so reputation- or volume-based spam filtering technologies can’t recognize and block malicious messages right away. Some of the messages make it to the email inboxes before the filters learn to block them.
Using knowledge gained from social media profiles and other public information, a scammer can craft a legitimate-looking email to trap the victim into responding. This attack is usually targeted towards a specific individual, organization or business.
Tax-themed phishing scams
A common IRS phishing scams is one in which an urgent email letter is sent indicating that you owe money to the IRS. Often the email threatens legal action if you do not access the site in a timely manner and pay your taxes. When you access the site, the attackers can steal your personal credit card or bank information and drain your accounts.
Emails that are embeddedwith links to tech support scam websites, which use various scare tactics to trick you into calling hotlines and paying for unnecessary "technical support services" that supposedly fix contrived device, platform, or software problems.
Voice Message Attack MS Outlook
Office 365 indicates you have an email. The subject line reads: “Incoming: You received a voice message from +1 888 *** – 250 seconds.” It’s personalized with your first name in the body of the message. Along with the realistic-looking phone number, the email contains a phishing link you can click on to hear your message.
This kind of attack is done through Voice over IP (VoIP). Because a VoIP server can be used to appear as virtually anything, and the caller ID can be changed, vishing attempts can be very successful.
Attackers target high-level employees and executives to gain access to their email accounts or spoof them. If they’re able to do that, it puts the entire business at risk.
Watering Hole Attack
A security exploit in which the attacker seeks to compromise a specific group of end users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.
An attacker will use an executive’s email or make one that appears similar and attempt to collect W2s and W9s of the employees to gain private information such as social security numbers and addresses. Tax season is usually the peak time to see these attacks since everyone is getting their information and files ready.