Coronavirus-Related Phishing Emails Are Wreaking Havoc

Phishing Emails and COVID-19

It is not surprising that phishing attacks about the COVID-19 pandemic accounted for approximately 50% of all phishing attempts in Q3 2020. Coronavirus-related subject lines are so successful because pandemic-related emails are affecting people’s judgment. According to Stu Sjouwerman, CEO of KnowBe4, “During this pandemic, we’ve seen malicious hackers preying on users’ biggest weak points by sending messages that instill fear, uncertainty and doubt.”

LinkedIn Is Also Becoming a Valid Phishing Concern

Most of us primarily use LinkedIn in a professional capacity to build connections, find prospective businesses, or hire professionals. Recently, there has been a pattern of fake LinkedIn messages being used to target users with phishing content. Victims are falling for these messages because they appear to come from a “professional network”. This is a clever tactic for cyber criminals, since many LinkedIn users use their corporate email addresses for their accounts. Some of the top-clicked phishing subject lines from LinkedIn include password resets, tagged photos and new message notifications.

By the end of Q3 2020, tens of thousands of email subject lines from simulated phishing tests were examined and reported. The report also included ‘in-the-wild’ email subject lines, taken from actual emails that users received and reported to their internal IT departments or provider as “suspicious”. Here are the findings:

The Top 10 Most-Clicked Email Subject Lines Globally for the Past Quarter:
  • Payroll Deduction Form
  • Please review the leave law requirements
  • Password Check Required Immediately
  • Required to read or complete: "COVID-19 Safety Policy"
  • COVID-19 Remote Work Policy Update
  • Vacation Policy Update
  • Scheduled Server Maintenance - No Internet Access
  • Your team shared "COVID 19 Amendment and Emergency leave pay policy" with you via OneDrive
  • Official Quarantine Notice
  • COVID-19: Return To Work Guidelines and Requirements
Most Common ‘In-The-Wild’ Emails in Q3 2020:
  • Microsoft: View your Microsoft 365 Business Basic invoice
  • HR: Pandemic Policy Update
  • IT: Remote Access Infrastructure
  • Facebook: Account Warning
  • Check your passport expiration date
  • TeleMed Appointment Reminder
  • Twitter: Confirm your identity
  • Apple: Take part in our iPhone 12 trial and enter for the chance to win a FREE iPhone12
  • Exchange ActiveSync service disabled for [[email]]
  • HR: Benefit Report

Client User Support for Phishing Attacks

Phishing attacks are a major concern. If you are one of our clients, you can speak directly with the Client Strategy Team to talk about phishing tools and training for your staff. There is also a free cyber training course located in the “University” in your PACE Technical Portal that you can take advantage of. If you are not a PACE Technical client, you can book a meeting here and take advantage of our free Phishing and Cybersecurity resources below: