New research shows that phishing emails containing “LinkedIn” in the subject line are among the most successful, with an almost 50% open rate.
Phishing emails are still among the most common attacks hackers use to capture personal information and passwords and to infect devices with malware.
These emails often impersonate companies and try to get victims to open the email and either click on a malicious link or download a malicious attachment. Depending on the hacker’s goal, the attachment might infect your device with malware or the link might lead to a page designed for you to “log in” to a bank, social media, or other important account. The page, however, is fake, and designed to steal your log-in information.
New research by KnowBe4 and AtlasVPN sheds light on which kinds of emails are more successful at getting victims to open them.
According to the research, emails that impersonate LinkedIn are far likelier to be opened, with some other social media-impersonating phishing emails being the next-best performers.
Hackers also target employees and customize those emails accordingly.
The best-performing emails (from the hacker’s standpoint) were those tied to payroll and COVID-19. These emails often create some kind of urgency or, in the case of payroll, tie the subject matter to an employee’s finances, which is likely to prompt quicker action.
Phishing emails have a few tells that you should keep in mind. There’s always a sense of urgency because the goal of the email is to get you to click or download something. And because they’re often impersonating a company, you may see something that’s off. Maybe they’re using an old logo, or aren’t linking to a website you recognize even though the company is one you’re familiar with.
Many of these hackers may not be native English speakers, so strange grammar, wording, or spelling is also a tell that you may have received a phishing email.
If you suspect one was sent to your company email address, feel free to reach out to HR or another appropriate person to double-check whether the email is legitimate. You’re much better off double-checking than clicking on something and putting your company at risk.
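For mail administrators, the tells described above (urgency or payroll/COVID-19 lures, and a sender or link that does not match the impersonated company) can be checked automatically. The following is an added example, not code from the article or the cited research; the brand-to-domain map, the lure word list, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand -> legitimate domain map; extend for brands you care about.
BRAND_DOMAINS = {"linkedin": "linkedin.com"}
# Assumption: sample lure vocabulary based on the urgency, payroll and COVID-19 themes.
LURES = re.compile(r"\b(urgent|immediately|action required|payroll|covid-19|expires?)\b", re.I)
URLS = re.compile(r"https?://[^\s\"'<>]+", re.I)

def in_domain(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_tells(raw):
    """Return the tells found in a single-part plain-text message."""
    msg = message_from_string(raw)
    subject = msg.get("Subject", "")
    display, addr = parseaddr(msg.get("From", ""))
    body = "" if msg.is_multipart() else msg.get_payload()
    tells = []
    if LURES.search(subject + " " + body):
        tells.append("urgency-or-lure")
    for brand, domain in BRAND_DOMAINS.items():
        if brand not in (subject + " " + display).lower():
            continue  # message does not claim to be from this brand
        if not in_domain(addr.rpartition("@")[2], domain):
            tells.append("sender-not-" + brand)
        hosts = {urlparse(u).hostname for u in URLS.findall(body)}
        if any(not in_domain(h, domain) for h in hosts):
            tells.append("link-not-" + brand)
    return tells

# Constructed sample messages (not real mail); .example is a reserved TLD.
SUSPICIOUS = (
    "From: LinkedIn <notifications@linkedln-mail.example>\n"
    "Subject: You appeared in 4 searches this week\n\n"
    "Action required: confirm your account at "
    "http://login.linkedln-mail.example/verify\n"
)
LEGITIMATE = (
    "From: LinkedIn <notifications@linkedin.com>\n"
    "Subject: You have a new connection\n\n"
    "See who it is: https://www.linkedin.com/mynetwork/\n"
)

if __name__ == "__main__":
    print(phishing_tells(SUSPICIOUS))
    print(phishing_tells(LEGITIMATE))
```

A non-empty result is a reason to double-check the message, not proof of phishing; a clean result does not prove the message is legitimate.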
For more details on the phishing email research, check out AtlasVPN’s blog post.