The most effective Phishing phrases2 min read


The first thing people see when they receive an email is the subject line and this is decisive in their decision to open the email, so it is imperative to adversaries that they get it right and find the most effective phrases, In the Q3 of 2017 a study was conducted by KnowBe4, which analysed the most effective subject lines that were used by phishing emails, they all have the same motive, to become effective and convincing.

The common factor was the methodology of employing a scare tactic to provoke the user into making a quick, indecisive and rash decision by conveying a sense of urgency or importance.

Also, A slight amount of loss aversion is shown, using economics and decision theory, loss aversion refers to people’s tendency to prefer avoiding losses to acquiring equivalent gains, such as: “it’s better to not lose £10 than to find £10.” This is also the implication of risk aversion.

To make this theory more relevant to a cyber scenario, when receiving a spam email with an offer or limited time remaining message, you are more likely to act quickly and indecisively to take advantage as you will be put in a position where there is a fear of “loss” of that said item.


The most effective lines within the Q3 three months were found to be:

  1. Official Data Breach Notification (14%)
  2. UPS Label Delivery 1ZBE312TNY00015011 (12%)
  3. IT Reminder: Your Password Expires in Less Than 24 Hours (12%)
  4. Change of Password Required Immediately (10%)
  5. Please Read Important from Human Resources (10%)
  6. All Employees: Update your Healthcare Info (10%)
  7. Revised Vacation & Sick Time Policy (8%)
  8. Quick company survey (8%)
  9. A Delivery Attempt was made (8%)
  10. Email Account Updates (8%)

These lines were used and distributed by LinkedIn as the most effective method of spreading a phishing email, the other most trusted emails were from LinkedIn, Amazon and via Microsoft services.


So, how can I protect myself?

Verifying the email’s contents verbally is always a secure way to verify, before taking any action via email. If someone is asking you to take urgent action within your company, call them.

For emails emanating from big companies, check the address it comes from. They wouldn’t be emailing from a spotty mail server, you’ll know it’s really from them.

Additionally, inspect any links before clicking on them. Make sure the domain you’re visiting is the correct one.

It’s impossible to stay completely safe from phishing, but vigilance is the best defence. If it looks funny, verify it, and if it can’t be verified, leave it alone.

It is important to have a staff awareness training routine to make sure they are aware of these issues and will not be the weak point of the chain.

Lastly, Don’t be pressured into making a decision!.


Author: Taran Ranger, CyNation

United Kingdom

+44 020 3190 5000

PopHub Leicester Square
41 Whitcomb Street
London WC2H 7DT

The Netherlands

Oude Udenseweg 29
5405 PD Uden
The Netherlands

Newsletter Signup

%d bloggers like this: