Security experts will tell you that the last line of defense against cyber attack, especially through email, is the human being. No matter how good your systems are, if someone clicks on the wrong link at the wrong time, it’s game over.
A company called KnowBe4, which does "safe" phishing testing of a company's employees to see who may need some cyber awareness training, released a list of the top-10 most clicked email subject lines for the second quarter of 2017. The results are a great insight into the tactics used by attackers, who only need to find one person in an organization willing to click their link.
The list is summarized below, with the percentage of people who clicked on links contained in emails with these subjects:
- Security Alert – 21%
- Revised Vacation & Sick Time Policy – 14%
- UPS Label Delivery 1ZBE312TNY00015011 – 10%
- BREAKING: United Airlines Passenger Dies from Brain Hemorrhage – VIDEO – 10%
- A Delivery Attempt was made – 10%
- All Employees: Update your Healthcare Info – 9%
- Change of Password Required Immediately – 8%
- Password Check Required Immediately – 7%
- Unusual sign-in activity – 6%
- Urgent Action Required – 6%
What complicates matters even further is that many people believe emails which come from people they trust are therefore trustworthy. Unfortunately, nobody checks your ID when you send email on the internet. An attacker (or indeed anyone) can pretend they're sending an email as anyone else, with ease.
The lesson of course is that it’s better to be safe than sorry! We always reinforce the points below regarding safe email practices for employees:
- Be skeptical about emails in general
- Pay more attention to shady subjects than who the sender is
- Train yourself on how to spot “bait” in email subjects or website links
- Train yourself to look at the full email address, not just the name, to spot fakers
- When in doubt, don’t click!
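The last two tips above (look at the full address, not just the name, and treat a trusted-looking sender with the same skepticism as a shady subject) can be partly automated. The script below is an added example written for this post; it is not KnowBe4's tooling or anything from the original article. It parses the `From:` and `Reply-To:` headers of a message and flags the common sender tricks: a display name that itself contains a different email address, a display name matching a known colleague whose real address differs, a lookalike of the organization's domain, and a `Reply-To` that points somewhere else. The internal domain `example.com`, the colleague directory and the three sample messages are all constructed for the example.

```python
"""Flag sender-spoofing patterns in the From:/Reply-To: headers of an email.

Added example for this post (assumptions: example.com is the organization's
own domain; DIRECTORY is a constructed stand-in for a real address book).
"""
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed: domains the organization actually sends from.
INTERNAL_DOMAINS = {"example.com"}

# Constructed: display name (lowercased) -> the address that person really uses.
DIRECTORY = {"jane doe": "jane.doe@example.com"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def analyze_from(raw_message: str) -> dict:
    """Return the parsed sender plus a list of human-readable findings."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = domain_of(address)
    findings = []

    # 1. The display name contains an email address that is not the real one.
    #    Mail clients often show only the name, so "jane.doe@example.com"
    #    can be displayed while the message really came from elsewhere.
    embedded = EMAIL_RE.search(display_name)
    if embedded and domain_of(embedded.group(0)) != domain:
        findings.append("display-name address differs from real address")

    # 2. The display name matches a known colleague but the address does not.
    known = DIRECTORY.get(display_name.strip().lower())
    if known and known.lower() != address.lower():
        findings.append("display name matches a known colleague but address differs")

    # 3. The sending domain is a near-miss of one of our own domains.
    if domain and domain not in INTERNAL_DOMAINS:
        for ours in INTERNAL_DOMAINS:
            if 0 < edit_distance(domain, ours) <= 2:
                findings.append(f"lookalike of internal domain {ours}")

    # 4. Replies would go to a different domain than the one that "sent" it.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain_of(reply_to) != domain:
        findings.append("Reply-To domain differs from From domain")

    return {"display_name": display_name, "address": address,
            "domain": domain, "findings": findings}


# Constructed sample messages (headers only matter for this check).
SAMPLES = {
    "legitimate": "From: Jane Doe <jane.doe@example.com>\n"
                  "Subject: Revised Vacation & Sick Time Policy\n\nbody",
    "display_name_spoof": 'From: "jane.doe@example.com" <attacker@mail-example.net>\n'
                          "Subject: Password Check Required Immediately\n\nbody",
    "lookalike_domain": "From: Jane Doe <jane.doe@examp1e.com>\n"
                        "Reply-To: billing@other.example.net\n"
                        "Subject: Urgent Action Required\n\nbody",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        result = analyze_from(raw)
        print(f"{label}: {result['address']!r} -> {result['findings'] or 'no findings'}")
```

Running it prints no findings for the legitimate message, one finding for the message whose display name is an address, and three for the lookalike domain with a foreign `Reply-To`. None of these checks prove a message is malicious on their own; they are the same cues the tip list asks people to look for, made visible before the click rather than after it.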