I have written an extensive piece on Social Engineering, which also covers various Phishing Attacks, and a separate article on the Best Phishing Attack Vector of 2018. This post shows which email subjects topped the phishing categories for 2018, in other words, the subject lines that most often get unsuspecting users to interact with phishing emails. At the end I have added a Phishing Quiz made by Google, which will test how good you are at identifying phishing attempts.
Hackers are playing into user desires to remain security minded. There’s also an intrigue of mystery that often makes people curious enough to click.
Phishing poses a serious threat on today’s Internet. While additional security features such as two-factor authentication may block some attacks, they can never block “Human Error”, or the “Element of Stupidity” as I call it, because it all comes down to users in the end, and that is what phishing attacks feed on. At times the attacks are so sophisticated that even the most tech-savvy users might fall prey to them, for instance the PunyCode Domain Vulnerability we saw.
Top Social Media Phishing Email Subjects
The curiosity and feeling of importance that a tagged photo, profile view or endorsement creates can sail past an individual’s normal defenses. And everyone loves free pizza!
Social media accounts are a favourite of phishers, and this year is no different. LinkedIn is at the top of the chart with 39% of captured phishing email subjects, while Facebook is second with 18%. Phishing attempts are made on the platforms where the chances of success are highest, which also shows that LinkedIn and Facebook are phishers’ favourites, while Gmail came last with 3% of captured emails.
Top 10 General Phishing Email Subjects
Social media is not the only theme used in phishing emails; many general topics appear as well. “Password Check Required Immediately” is at the top with 19% of email subjects, because this subject captures the user’s interest and improves the attacker’s chances of success.
Common Attacks – In the Wild
The desire to receive communications intended for the individual is strong. The potential of something being wrong and/or at risk also plays into the human psyche, leaving the individual to think that he/she must act immediately to resolve the issue. These types of attacks are effective because they cause a person to react before thinking logically about the legitimacy of the email. Other alerts that contain warning types of messages can bring about feelings of alarm and cause an individual to make a panicked decision.
The Phishing Quiz
The question is: can you spot when you’re being phished? You might say ‘obviously’, but it is not always that simple. Unlock the content to take the Phishing Quiz and see how good you are at identifying the malicious attempts.
Once you open the Phishing Quiz page, you will need to hit the “Take the Quiz” button. After clicking it, fill in any imaginary name and email in the form and the quiz will start.
The Phishing Quiz is built on very clever questions and you will need to give it a good glance to understand if it is a Phishing or Legitimate Email.
I am sharing an example email from the quiz below so you may know what you have to expect:
If you look at the question in the image above, it all seems perfect until you hover over the link, which shows “drive--google.com”. That is not the real link; the official link is drive.google.com or google.com/drive. That is how phishing attempts are made.
I scored 7 out of 8; I labelled a legitimate question as phishing. No harm in being overprotective.
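The hover check described above can be automated. The following is an added example, not part of the quiz or the original post: it classifies a link's host as trusted only when it is the expected domain or a true subdomain of it, and flags punycode labels and brand names used as decoys. The trusted list, the function name and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the registrable domains the reader expects real links to use.
TRUSTED_DOMAINS = ("google.com",)

# Constructed sample links; the first host is the one from the quiz example.
SAMPLES = [
    "http://drive--google.com/",
    "https://drive.google.com/",
    "https://google.com/drive",
    "https://google.com.example.net/login",
    "https://drive.google.com@example.org/",
    "https://xn--constructed.example/",
]


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return 'trusted', 'punycode', 'lookalike' or 'unknown' for a URL's host."""
    parts = urlsplit(url)
    # hostname is lower-cased and stripped of port and user@ by urlsplit.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unknown"
    # Trusted only when the host IS the domain or a dot-separated subdomain.
    # "drive--google.com" ends in "google.com" but not in ".google.com".
    if any(host == d or host.endswith("." + d) for d in trusted):
        return "trusted"
    # An xn-- label is an encoded Unicode name that may render like a brand.
    if any(label.startswith("xn--") for label in host.split(".")):
        return "punycode"
    # The brand appearing anywhere else (a host label or a user@ prefix)
    # is a decoy. Simplification: the brand is the first label of the domain.
    brands = [d.split(".")[0] for d in trusted]
    if any(b in parts.netloc.lower() for b in brands):
        return "lookalike"
    return "unknown"


if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```
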
How well did you score in the Phishing Quiz? And what’s the funniest or weirdest phishing email you have received?