Here are the top lines used in phishing campaigns by cyber scammers – with fake invoices by far the most widely used bait.
- Please see your invoice attached. So called “money-out” lures are the most popular with phishing attackers by a wide margin, accounting for almost half of all observed phising campaigns. The invoice due is the most commonly seen lure, with the benefit for the scammers that it will most likely be opened in corporate accounts departments.
- Click here to open your scanned document. Astonishingly, these accounts for about one in 10 phishing campaigns – astonishing because who scans documents these days? However, for some these lures have an inherent urgency, coupled with a historic association of fax with phone lines and audio, which aren’t naturally associcated with malware.
- Your package has shipped – your shipping receipt is attached. While some of these emails employ stolen branding from major shipping and delivery vendors in order to create a more realistic and convincing email, others purport to be directly from the vendor. Shipping notification email scams often include a document attachment with apparent delivery details.
- Please verify this transaction. Phishing emails in this category typically appear to be from a bank or other financial institution and lure the user with the news of an electronic or online payment intended for the recipient, once they have verified or corrected the account information in the attached document.
© Good Sense Security LLC — June 2020