In a report identifying the most effective and popular subject lines used by phishing attackers, HR was tops, along with “IT: Backup has failed” and “Action Required: Rejected Deposit.” Maybe subject line colons should be banned?

The most effective subject lines for phishing attacks focus on things that employees tend to be scared to ignore, such as “HR”, “IT”, and “DropBox file shared”, according to a Q2 2024 top-clicked phishing report issued Wednesday by KnowBe4.

“HR is the scariest phishing tool in the attackers’ arsenal,” said Erich Kron, security awareness advocate at KnowBe4. “That is because it’s unusual and HR holds a lot of power. When users see HR, they snap to attention.”

Other top attention-getters that IT needs to be watching and scanning for include: “possible typo”; “dress code changes”; “Microsoft Teams: (name of user’s manager) is trying to reach you”; “Please update W4”; “Amazon Prime: Unable to complete your membership renewal”; and “Backup process for (user’s email address) has failed”.

The report also found that, for enterprises, the most-often attacked vertical was healthcare/pharmaceuticals, displacing the insurance vertical, which had held the top spot for the last two years. Energy/utilities came in third, a slot it has held for the last three years, the KnowBe4 report said. Other often-attacked verticals were banking, consulting, financial services, and retail/wholesale.

The report noted that little has changed in the key phishing strategies of claiming a false urgency and trying to manipulate user emotions. “Their strategies often exploit human emotions, aiming to elicit feelings of urgency, confusion, anxiety, or even excitement, all in an attempt to lure recipients into clicking on malicious links or opening harmful attachments,” a statement from KnowBe4 said.
“These are effective because they may provoke a person to react before thinking logically about the legitimacy of the email, and have the potential to impact an employee’s personal life and professional workday.”

Although the time-honored phishing mechanism of including malware-delivering URLs to click or attachments to open still dominates, the vendor said QR codes are increasingly being used.

QR codes are problematic for many reasons. First, unlike attachments and URLs, there is no option to right-click to try to figure out whether the site it leads to is legitimate. Second, Kron noted, users are being trained by consumer marketers at sporting events and other venues to click blindly on QR codes. That makes them an inexpensive and very effective mechanism for tricking end-users into downloading malware.
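For teams acting on the report's advice to scan for these subject lines, the following is an added example (not from KnowBe4 or the article) of a header check that flags messages for review. It decodes RFC 2047 subjects, normalizes case, spacing and width variants, and treats the parenthesized fields as wildcards; the sample messages and all function names are constructed for illustration.

```python
import re
import unicodedata
from email import message_from_string
from email.policy import default

# Subject lines quoted in the article; "(...)" marks a per-recipient field.
# Bare "HR" and "IT" are left out: as substrings they would match almost anything.
TEMPLATES = [
    "possible typo",
    "dress code changes",
    "Microsoft Teams: (name of user's manager) is trying to reach you",
    "Please update W4",
    "Amazon Prime: Unable to complete your membership renewal",
    "Backup process for (user's email address) has failed",
    "IT: Backup has failed",
    "Action Required: Rejected Deposit",
    "DropBox file shared",
]
REPLY_PREFIX = re.compile(r"^(?:(?:re|fw|fwd)\s*:\s*)+")

def normalize(text):
    """Fold width variants, curly quotes, case, spacing and Re:/Fwd: prefixes."""
    text = unicodedata.normalize("NFKC", text).replace("\u2019", "'")
    return REPLY_PREFIX.sub("", " ".join(text.casefold().split()))

def compile_template(template):
    """Build a regex in which each "(...)" placeholder matches 1-80 characters."""
    parts = re.split(r"\([^)]*\)", normalize(template))
    return re.compile(r".{1,80}?".join(re.escape(p) for p in parts))

RULES = [(t, compile_template(t)) for t in TEMPLATES]

def match_subject(raw_message):
    """Return the article template that the Subject header matches, else None."""
    msg = message_from_string(raw_message, policy=default)
    subject = normalize(str(msg["Subject"] or ""))  # policy decodes RFC 2047 words
    for template, rule in RULES:
        if rule.search(subject):
            return template
    return None

# Constructed sample messages (not taken from the report).
SAMPLES = [
    "From: a@example.com\nSubject: RE: Microsoft Teams: Dana Reyes is trying to reach you\n\nhi",
    "From: b@example.com\nSubject: =?utf-8?q?Backup_process_for_pat=40example.com_has_failed?=\n\nhi",
    "From: c@example.com\nSubject: =?utf-8?q?=EF=BC=B0lease_update_W4?=\n\nhi",
    "From: d@example.com\nSubject: Lunch menu for Friday\n\nhi",
]
HITS = [match_subject(m) for m in SAMPLES]
```

A match is a reason to look closer, not a verdict: some of these strings also appear in legitimate mail, so pair the result with sender and authentication checks.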