Phishing Email Subject Lines

With COVID-19 and associated restrictions remaining prevalent, many malicious actors have used the opportunity to update their phishing email campaigns. The article linked below explains some of the ways malicious actors try and trick people into giving up their information or even into installing malware.

The article states that many of the emails will use subject lines like coronavirus, work reopening, rescheduled meetings, stimulus payments, and new vacation policies. Malicious actors also craft themed emails to look like popular social media sites like Facebook and LinkedIn.

For LinkedIn they noticed subject lines "You appeared in new searches this week," "People are looking at your LinkedIn profile," "Please add me to your LinkedIn Network," and "LinkedIn Password Reset."

 Facebook sees phishing emails using subject lines like "Your Friend Tagged a Photo of You" and "Your friend tagged you in photos on Facebook." Phishing campaigns from Twitter were said to try and entice people with subject lines similar to "Someone has sent you a Direct Message on Twitter."

Other subjects included "A login alert for Chrome on Motorola Moto X," "New voice message at 1:23AM," and "55th Anniversary and Free Pizza". The article also describes some general subjects to look out for:

• Password Check Required Immediately

• Vacation Policy Update

• Branch/Corporate Reopening Schedule

• COVID-19 Awareness

• Coronavirus Stimulus Checks

• List of Rescheduled Meetings Due to COVID-19

• Confidential Information on COVID-19

• COVID-19 - Now airborne, Increased community transmission

• Fedex Tracking

• Your meeting attendees are waiting
  
  

According to the article, the most common subject lines within phishing emails found “in-the-wild” in the last quarter were:

• Microsoft: Abnormal log in activity on Microsoft account

• Chase: Stimulus Funds

• HR: Company Policy Notification: COVID-19 - Test & Trace Guidelines

• Zoom: Restriction Notice Alert

• Jira: [JIRA] A task was assigned to you

• HR: Vacation Policy Update

• Ring: Karen has shared a Ring Video with you

• Workplace: [company_name] invited you to use Workplace

• IT: ATTENTION: Security Violation

• Earn money working from home
  
  

At UMBC some of the most common subject lines for phishing emails seen recently have been “UMBC JOB OPPORTUNITY”, “CORNERSTONE STUDENT JOB OFFER”, “CORNERSTONE JOB OFFER”, “UMBC COVID-19 INFORMATION”, “UMBC COVID-19 PART TIME JOB OFFER” and “WORK FROM HOME.”

If you do receive any email that you suspect is a scam, please do not click on any URL or reply. Either of those actions confirms to the sender that your email address is valid. Please forward the message (with the email headers) to security@umbc.edu and delete the message.

How do I forward full email headers?

https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970

For more information, please check out: 

https://www.techrepublic.com/article/watch-out-for-these-subject-lines-in-email-phishing-attacks/