2/3rds of Malicious Emails Don’t Have Subject Lines, New Data Reveals

A common tactic deployed by malicious actors is to send phishing emails because of the fact that this is the sort of thing that could potentially end up tricking people into giving up their private data. Many of these emails can be easily detected by noticing their subject line, but with all of that having been said and now out of the way it is important to note that around 67% of emails that have malicious links in them don’t contain anything in the subject line.

That means that the vast majority of phishing emails don’t have any kind of subject to speak of, but in spite of the fact that this is the case people still seem to be clicking on them rather frequently. This data comes from the latest quarterly report released by Expel which discusses some of the more prominent security threats that businesses are being faced with.

The remaining 33% of phishing email subject lines are split between various topics. Around 9% of phishing emails contain the subject line “Fax Delivery Report”. 6% are posing as Business Proposal Requests, whereas 4% only have the word Request featured in the subject line. Another 4% use the term “Meeting” to give their phishing emails an air of authenticity.

This suggests that parsing emails based on subject lines is no longer going to be a viable way to mitigate these kinds of phishing attacks. Users should instead rely on various other detection methods such as paying attention to the grammar used in the body of the email text. Most phishing scams are conducted by malicious actors who do not speak English as their first language, and this leads to them making all sorts of syntax and grammar errors in the text which would give them away.

Another thing to look into is the domain name that the email address belongs to. Official communication from businesses will use custom domain names, so any email that doesn’t come from such a domain should be viewed with suspicion. Being cautious while opening emails can reduce the severity of phishing attacks.

Read next: Transactional emails titled 'no reply' irritates a large percentage of consumers, says research
Previous Post Next Post