The five most dangerous email subjects to watch for

The five most dangerous email subjects to watch for

Summary: Phishing campaigns are constantly evolving and it can be too easy to fall for them -- so what types of email should you stay vigilant against?

TOPICS: Security

New research has revealed the email subjects most likely to represent a phishing lure, as well as the ten countries that are most likely to host campaigns for cybercriminals.

According to researchers at Websense, as cloud infrastructure becomes more easily scalable and botnets can be hired relatively cheaply -- their availability obvious should you choose to skim over a number of hacking forums -- the cost of conducting extensive phishing campaigns has also declined.

If a cybercriminal chooses to go phishing, this usually results in communication over social media or email which lures potential victims to click on links that download malicious code to a computer system. The emails may impersonate reputable firms such as banks, electronic fund transfer services or retail stores -- and often come complete with replica websites, logos and authentic-looking email addresses. Once clicked upon, the cybercriminal attempts to make consumers input valuable information, such as bank account details or account passwords. However, malicious software could also act as a trojan, keylogger or ransomeware. 

A recent example is a U.K.-based phishing campaign posing as the HMRC tax office. The phishing emails say that the user is entitled to a tax refund and sends you along to a form which asks for information including name, address, bank details and card verification number.

Websense says that while the percentage of phishing attempts within all email traffic dropped to 0.5 percent in 2013 -- down from 1.12 percent in 2012 -- this is not necessarily good news. We may be receiving less of them, but campaigns are now far more sophisticated and targeted as criminals use additional resources in making campaigns more successful.

According to the researchers:

"Today's phishing campaigns are lower in volume but much more targeted. Cybercriminals aren't simply throwing millions of emails over the fence. They are instead targeting their attack strategies with sophisticated techniques and integrating social engineering tactics. Scammers use social networks to conduct their recon and research their prey. Once the intelligence is harvested, they use that information to carefully construct email lures and yield maximum success."

In addition to social engineering, location also plays a part. By rank, the top ten countries hosting phishing URLs are as follows:

1. China
2. United States
3. Germany
4. United Kingdom
5. Canada
6. Russia
7. France
8. Hong Kong
9. Netherlands
10. Brazil

Read this

The world's biggest data breaches and hacks of 2013

The world's biggest data breaches and hacks of 2013

From Facebook to Adobe, 2013 has been a tough year for companies looking to defend against cybercrime.

Websense says that interestingly, this is the first year China has made the list -- and what a debut it must have been to shoot to the top of the list, knocking the U.S. off its customary perch as the top malicious URL host. In addition, the U.K. has moved up from the sixth spot in 2012, and Russia is hosting more phishing URLs than ever before, being bumped up from the 10th spot last year.

But what subject lines are most likely to dupe an individual or business in to falling for a phishing campaign? Based on the researchers' findings, the top five which are most likely to be clicked upon are:

1. Invitation to connect on LinkedIn
2. Mail delivery failed: returning message to sender
3. Dear Customer
4. Comunicazione importante
5. Undelivered Mail Returned to Sender

To combat phishing attacks, installing a strong security solution can alert you before malicious files are downloaded to a system or if you visit a website that is not legitimate. However, common sense is also key -- for example, if you are not a member of a particular bank or haven't recently conducted a transaction online, be extra careful before you open any emails. If in doubt, call the company in question. Below is also the Websense Security Labs infographic on this research:

Credit: WebSense


Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Top 5 spam keywords in my junk email address

    I use my Yahoo! address in order to sign up for junk services. What I find notable is who they sell that information to, which seems to be mostly scams. Here's the common keywords that I see in my spam folder:

    1) Save, Sale, Reduced, or Free
    2) New
    3) Credit
    4) Singles
    5) Alert or Urgent

    On machines I've cleaned where people love to click on everything, it mostly installs Conduit Search ... and whatever else gets bundled with it.
  • Just remember..

    You can't win a contest you didn't enter. That's one of the most obvious scams, yet people fall for it all the time.
    KillBot Project
    • Nor can their be a problem with your bank account....

      ... at a bank you've never used in your entire life.
      Hallowed are the Ori
      • "there"

        Speaking of half-assed redesigns... bring back the damned Edit Post function, ZDNet.
        Hallowed are the Ori
  • My personal favorite is . . .

    . . . at least this month - "You Have a New Voicemail"
  • Strangest Phish of all

    I've gotten hundreds of phishing emails, and for some reason a massive increase the last week. But the weirdest I've gotten I'll reproduce below. It claims to be from a Mr. Robert Mueller (Fox?), but he wants you to send money to a Uzoukwu Cletus in Lagos Nigeria! The grammar and spelling errors make this hysterical. See how many you can spot.

    Anti-Terrorist and Monetary Crimes Division
    Fbi Headquarters In Washington, D.C.
    Federal Bureau Of Investigation
    J. Edgar Hoover Building
    935 Pennsylvania Avenue, NW Washington, D.C. 20535-0001 Website:

    Attention, this is the final warning you are going to receive from me do you get me?

    I hope youre understand how many times this message has been sent to you?.

    We have warned you so many times and you have decided to ignore our e-mails or because you believe we have not been instructed to get you arrested, and today if you fail to respond back to us with the payment then, we would first send a letter to the mayor of the city where you reside and direct them to close your bank account until you have been jailed and all your properties will be confiscated by the fbi. We would also send a letter to the company/agency that you are working for so that they could get you fired until we are through with our investigations because a suspect is not suppose to be working for the government or any private organization.

    Your id which we have in our database been sent to all the crimes agencies in America for them to inset you in their website as an internet fraudsters and to warn people from having any deals with you. This would have been solved all this while if you had gotten the certificate signed, endorsed and stamped as you where instructed in the e-mail below.this is the federal bureau of investigation (fbi) am writing in response to the e-mail you sent to us and am using this medium to inform you that there is no more time left to waste because you have been given from the 3rd of January. As stated earlier to have the document endorsed, signed and stamped without failure and you must adhere to this directives to avoid you blaming yourself at last when we must have arrested and jailed you for life and all your properties confiscated.

    You failed to comply with our directives and that was the reason why we didn't hear from you on the 3rd as our director has already been notified about you get the process completed yesterday and right now the warrant of arrest has been signed against you and it will be carried out in the next 48hours as strictly signed by the fbi director. We have investigated and found out that you didn't have any idea when the fraudulent deal was committed with your information's/identity and right now if

    you id is placed on our website as a wanted person, i believe you know that it will be a shame to you and your entire family because after then it will be announce in all the local channels that you are wanted by the fbi. As a good Christian and a honest man, I decided to see how i could be of help to you because i would not be happy to see you end up in jail and all your properties confiscated all because your information's was used to carry out a fraudulent transactions, i called the efcc and they directed me to a private attorney who could help you get the process done and he stated that he will endorse, sign and stamp the document at the sum of $98.00 usd only and i believe this process is cheaper for you.

    You need to do everything possible within today and tomorrow to get this process done because our director has called to inform me that the warrant of arrest has been signed against you and once it has been approved, then the arrest will be carried out, and from our investigations we learnt that you were the person that forwarded your identity to one impostor/fraudsters in Nigeria when he had a deal with you about the transfer of some illegal funds into your bank account which is valued at the sum of $10.500,000.00 usd.

    I pleaded on your behalf so that this agency could give you till 11/30/2013 so that you could get this process done because i learnt that you were sent several e-mail without getting a response from you, please bear it in mind that this is the only way that i can be able to help you at this moment or you would have to face the law and its consequences once it has befall on you. You would make the payment through western union money transfer with the below details.

    AMOUNT: $98
    Senders name======

    Send the payment details to me which are senders name and address, mtcn number, text question and answer used and the amount sent. Make sure that you didn't hesitate making the payment down to the agency by today so that they could have the certificate endorsed, signed and stamped immediately without any further delay. After all this process has been carried out, then we would have to proceed to the bank for the transfer of your compensation funds which is valued at the sum of $10.500,000.00 usd which was suppose to have been transferred to you all this while.

    Note/ all the crimes agencies have been contacted on this regards and we shall trace and arrest you if you disregard this instructions. You are given a grace today to make the payment for the document after which your failure to do that will attract a maximum arrest and finally you will be appearing in court for act of terrorism,money laundering and drug trafficking charges, so be warned not to try any thing funny because you are been watched.



  • possible solution

    I use a white list approach for email. You can send me an email but if it is not on my accept emails list I never see it. It is intercepted at the server and eliminated. So unless I preapprove your email it doesn't get delivered. It doesn't stop someone from spoofing an accepted email sender but every none business contact on the whitelist has been instructed to add a couple of keywords to the subject line or their emails don't get through and so far spoofing attempts or virus on a friends computer haven't caught on. I also don't accept attachments without prior notification. This system won't work for a business looking for new customers but for private email accounts it does a great job. I use the same system on my cell phone.
  • Question

    I'd like to know more about the returned mail ones. Does it download malware if you just open it or does it have a link you must click to get in trouble. I was surprised by the returned mail idea,
    • poof mail returned mail etc

      DON'T OPEN IT AT ALL some spammers have the message encoded to nail you the minute you click to pen the mail if you see unrecognized email DELETE IT IMMEDIATELY it is not worth the risk. some of my friends and family have been foolish enough to open it
      that type of attack is rare but if you do open it and notice a link inside delete it. don't click anything inside any piece of questionable mail. best practice is delete it.
      Gizmo Inc and Graphics
      • correction to the subject line

        spoof sorry bout that
        Gizmo Inc and Graphics


    If you fall for anything like that, your name and address will be forwarded to Tea Party and NRA fundraisers.
    • Was That Truly Necessary?

      'will be forwarded to Tea Party and NRA fundraisers.'
      Yes, I guess it was. You couldn't actually help yourself...a sense of compulsion overwhelmed you?
      How long have you been......? O, forget it. I don't think you'd understand anyway.