Watch for top-clicked phishing email subjects

Every quarter, KnowBe4 reports on the top-clicked phishing emails by subject lines in social and general.

Social media is now a part of everyday business

A major trend this quarter is that half of all social media-related subjects looked like they were coming from LinkedIn. This particular message type has been trending upward quarter over quarter, which is significant because many LinkedIn users have their accounts tied to their corporate email addresses.

Such a high percentage increases the corporate risk of a phishing attack, ransomware breach, or other social engineering-related threat. Social media sites, in general, are a crucial piece in the cybercrime economy. According to recent research from Bromium, cybercriminals earn at least $3.25 billion per year from social media-enabled cybercrime.

As tempting as it may be to click in emails to see who viewed your profile or who wants to connect, it's more important than ever to think before you click and log in to your account directly.

Hacker's tap into emotions, causing panicked reactions

Aside from social media-related messages, a lot of subject lines contained phrases like de-activation of email, failed delivery, and action required to elicit a sense of urgency from the user. These types of attacks are effective because they cause a person to react without thinking logically about the legitimacy of the email. Notices about delivery attempts, Amazon orders, and HR-related messages also prove to be too enticing to ignore for many users.

Top-clicked social media related subjects in Q1 2019:

• LinkedIn: Join my network, profile views, add me to your network, and new InMail message;
• Facebook: Password change and primary email changed;
• Login alert for Chrome on Motorola Moto X;
• Your password was successfully reset;
• New voice message at 1:23AM; and
• Your friend tagged a photo of you.

Top 10 most-clicked general email subjects in Q1 2019:

• De-activation of [[email]] in process;
• A delivery attempt was made;
• You have a new voicemail;
• Failed delivery for package #5357343;
• Staff review 2018;
• Revised vacation & sick time policy;
• APD Notification;
• Your order with Amazon.com;
• Re: w-2; and
• Scanned image from MX2310U@[[domain]].

To help your credit union stay on top of security risk, Credit Union Resources offers IT Consulting services. We partner with you and provide expertise when you need it.

Assess your systems and manage your risk

As technology changes, every credit union faces new security issues. Let Credit Union Resources help you manage the process—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us. To find out how we can help you manage cybersecurity and operational risks, contact:

Idrees Rafiq
469-385-6799
800-442-5762, ext. 6799
irafiq@curesources.coop

About Credit Union Resources Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.

Sources: NCU-ISAO Daily Advisory and KnowB4