Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. But you can avoid such attacks by being patient, checking email addresses, and being cautious of sketchy-sounding subject lines.
7 dangerous subject lines to avoid
Cybercriminals initiate their attacks through hyperlinks or attachments within emails. Most of these attacks use urgency or take advantage of user trust and curiosity to entice victims to click. Here are examples of subject lines to be cautious of.
- Remember me? It’s Tim Timmerson from Sunnytown High! Criminals use social engineering tactics to find out the names of the people close to you. They may also hack a friend or relative’s email account and use their contact lists as ammo. Next, they research and impersonate someone you know, or used to know, through chats and emails. Not quite sure about a message you received? Hover your mouse over the sender address (without clicking) to see who the real sender is.
- Online Banking Alert: Your Account will be Deactivated. Imagine the sense of urgency this type of subject line might create. In your panicked rush to find out what’s going on with your account, you might not look too closely at the sender and the URL they want you to visit. At the end of March, a Bank of America email scam just like this was successfully making the rounds. Initially, the email looked completely legitimate and explained politely that a routine server upgrade had locked the recipient out of their account. At this point, when clicking the link to update their account details, an unsuspecting victim would be handing their login credentials and banking information over to cybercriminals.
- USPS: Failed Package Delivery. Be wary of emails saying you missed a package, especially if they have Microsoft Word documents attached. These attacks use the attachments to execute ransomware payloads through macros. Senior Threat Research Analyst Tyler Moffitt walks us through what it’s like to get hit with a ransomware payload from a USPS phishing email.
- United States District Court: Subpoena in a civil case. Another common phishing attack imitates government entities and may try to tell you that you’re being subpoenaed. The details and court date are, of course, in the attachment, which will deliver malware.
- CAMPUS SECURITY NOTIFICATION: Phishing attacks have been targeting college students and imitating official university emails. Last month, officials at The University of North Carolina learned of an attack on their students that included a notification email stating there was a security situation. The emails were coming from a non-uncg.edu address and instructed users to “follow protocols outlined in the hyperlink”. Afterward, the attacker would ask victims to reset their password and collect their sensitive information.
- Ready for your beach vacay? Vacation scams offer great deals or even free airfare if you book RIGHT NOW. These scams are usually accompanied by overpriced hotel fees, hidden costs, timeshare pitches that usually don’t pan out, and even the theft of your credit card information. Check the legitimacy of offers by hovering over links to see the full domain, copy and pasting links into a notepad to take a closer look, and by researching the organization.
- Update your direct deposit to receive your tax refund. The IRS warns of last minute email phishing scams that take advantage of everyone’s desire for hard-earned refunds and no doubt, their banking credentials.
Read between the lines
- Enable an email spam filter
- Hover over links before you click
- Keep your cybersecurity software up to date
- Disable macros to avoid ransomware payloads
- Ignore unsolicited emails and attachments
- Be on the lookout for the top 5 tax season scams
- Educate yourself on social engineering attacks
- Check the Federal Trade Commission’s scam alerts
Help us create awareness in the community around scams and phishing attacks with dangerous subject lines. From here on, education should be top of mind as our community begins to adopt safer online habits. Share this blog with your friends and family or get in on the #CyberSmart conversation by sharing a Tweet.
This seems like good advice
There is one or more reasons behind everything we do. So, what are some of the possible reasons behind behavior like spamming (sending unwanted advertising to people after they indicate they don’t want it) and phishing scams meant to rip people off in one way or another. Add to that the intentional propagation of false information to create public confusion and destroy trust.
Is all this mindless greed or a reaction to fear, anger, feelings of powerlessness, hopelessness and desperation in the world? What about war-for-profit that benefits a few at the expense of the many? Can we continue to tell ourselves that “greed is good” when it lacks any kind of moral component that would help us maintain any sort of balance, when it destroys the lives and property of others without regard? Whatever reasons or excuses we use to justify destructive behavior, we must face them if we want to overcome them. As each of us knows from personal experience, things only get worse until we do.
Another excellent question to ask ourselves is: are we here to be right or wrong, good or bad or, are we here to live and learn from our experiences? Are we partners in correction or partners in evolution? Whether we understand it or not, “change” begins with changes in what we think and feel, how we act and react. So, how we choose to answer the “right or wrong, live and learn” question will have a powerful impact on our future. We will either continue down our current path to self-destruction, or we will pivot and think our way out of our current dilemma. Blaming each other doesn’t solve a thing and we know it.
Ask yourself: what am I trying to teach myself; what do I want to learn? Can you feel the energy of these questions resonate with something deep within your inner self? I hope so because it will lead us all to the realization that exploring the nature of Being and Creation is the Ultimate Frontier! Until we can see ourselves in each other, there will be little peace.
Your advice is well taken but better still put a higher priority in catching these people & make them hurt financially. Don’t play defense, attacking them is the way to slow this down.
Thank you for sending out this information. I certainly needed the data.
Have trouble following your instructions to complete the necessary hook up for your protection service. Last time I just tried and tried, and after awhile just forgot. This time, I bonked my head on my keyboard, reaffirming my idiocy, and just continued reading emails. HELP.
Judy, please send me a direct message and I’ll be happy to make sure we get your Protection working in no time.
SocialCare@Webroot.com
Warm Regards,
Josh P.
Social Media Coordinator
I have gotten 5 out of 7! I do not understand why we can not stop them? I send copies to my bank at their “poof” web address. I get an email back saying think you. Two weeks later I get the same scam. My delete key is well worn
Frustrated
On a mobile device, where hovering doesn’t work, you can usually press and hold to get a pop-up menu asking what you want to do. It will include the address associated with the link. Hit cancel after you’ve checked it.
Thanks for the tip, Chris!
Warm Regards,
Josh P.
Social Media Coordinator
“Disable macros to avoid ransomware payloads”
I have no idea as to how to do this… and it sounds rather important. Can you tell me how to do this on my Windows 7 Professional 64-bit machine?
Clarke, there’s more information on macros and how to disable/enable them on Microsoft’s support site:
https://support.office.com/en-us/article/Enable-or-disable-macros-in-Office-documents-7b4fdd2e-174f-47e2-9611-9efe4f860b12?ui=en-US&rs=en-US&ad=US
Warm Regards,
Josh P.
Social Media Coordinator