Subject Lines That May Indicate a Spear-Phishing Attempt

Spear Phishing

By now, even those who aren’t regular users of email know not to open messages from Nigerian princes or other similar scams. However, hackers have morphed these scams into comprehensive and targeted campaigns that are both effective and extremely hard to stop.

Phishing attempts via email or messages are one of the most common security challenges that both organizations and people face in keeping their information confidential and secure. Whether it’s getting access to credit or debit cards, phone numbers, passwords, or other confidential data, hackers use email and other communication platforms to steal sensitive data. Organizations, of course, are a valuable target.

Spear phishing, on the other hand, involves sending emails to particular and well-researched targets while claiming to be a trusted sender.

The hackers intend to infect devices with malware or convince targeted people to hand over sensitive data or money.

Traditional spear-phishing campaigns either consists of infected files attached to the email or a malicious zip file. Now, bad actors have more sophisticated methods. Many infected documents are now housed on genuine websites such as Dropbox, Google Drive, Box, or OneDrive, as bad actors are aware these sites are unlikely to be blocked by the IT department.

London Blue, the Nigerian criminal group, had previously gathered information on CFOs and other financial institutions through commercial lead generation sites. Social media platforms such as Twitter and LinkedIn provide other significant data, including a person’s professional relationship within a company, and are hence helpful sources for hackers to figure out the best target and impersonation. Official websites might provide insights into technology, operations, and suppliers, while Facebook and Instagram likes might provide insight into potential targets.

After studying around 360,000 phishing emails for three months, a team of researchers at Barracuda Networks have narrowed the list down to the most common subject lines used in spear-phishing attacks. These lines often have the most successful bait for reeling in targets.

Barracuda Network’s spear-phishing report suggested that the most common subject line used in attacks is ‘Request’ — which leads to more than one-third of all the phishing messages analyzed. ‘Follow up’ and ‘Urgent/Important’ stood next in the subject line.

The basic idea behind spear-phishing attacks is to make potential targets think they need to urgently open and respond to an email, especially when the email was designed to look as if it was sent from one of their team members or their boss. This would lead to the victim answering the email immediately, without thinking.

Given below are some of the most common subject lines based on the analysis by Barracuda Networks:

  1. Request
  2. Follow up
  3. Important/ Urgent
  4. Hello
  5. Are you available? / Are you at your desk?
  6. Payroll
  7. Payment Status
  8. Invoice Due
  9. Expenses
  10. Re:
  11. Purchase
  12. Direct Deposit

Threat actors use the ‘Are you at your desk?’ subject line to convince their target to open the email. Additionally, subject lines suggesting that the email is a part of the previous conversation are also designed to trick the victim into trusting the sender, thereby propelling them to respond to the email.

A majority of the subject lines have finance and payments backgrounds. If the victim thinks that they risk losing money if they don’t respond, they’re more likely to jump into it. The same goes for emails related to finance and payments. A person might think it’d be bad for their professional relationship if they don’t pay up, especially if the request comes from their senior or boss.

The Bottom Line

To avoid falling victim to spear-phishing attacks, cybersecurity specialists recommend implementing the DMARC authentication protocol to avoid domain spoofing. Additionally, users are suggested to deploy multi-factor authentication that provides an extra layer of protection. These protocols should be implemented alongside a security software and user training.


Related articles

Contact us

Partner with 4iT for your Sydney based business

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Your benefits:
What happens next?

We Schedule a call at your convenience 


We do a discovery  meeting 


We prepare a proposal 

Schedule a Free Consultation

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.