Recognizing phishing emails

As a provider of simulated phishing emails, SoSafe regularly analyzes the most successful subject lines in phishing mails and can thereby detect changes in the attack patterns used by many attackers. As you might already have guessed, the coronavirus pandemic also affects cybercrime and has made it into the most clicked subject lines of SoSafe’s phishing simulation in 2020.*

The status quo: How real phishing mails attack users

SoSafe’s cybersecurity awareness platform trains and sensitizes employees to deal with phishing emails by using deceptively realistic simulations. To inform the simulation content, SoSafe’s team of experts continuously analyzes the tactics used in real phishing mails currently in circulation in order to mimic attack scenarios as realistically as possible. Based on these analyses, the most frequent mails, scams and subject lines can be identified. Some phishing mails are easily identified by technical components such as spoofed senders (a display name that does not match the actual sender address) or fake links (visible link text that does not match the link target); detecting others can be a challenge even for trained employees. It is therefore also important to keep an eye on the psychological tricks the attackers use, in the emails and specifically in the subject lines, to manipulate the emotions of employees. After evaluating the most successful phishing mails of the first half of the year, five subject lines stand out clearly. In addition to familiar scams from past years, a new phishing trick also made it onto the list, in 5th place.

Figure: social hacking attack tactics

5th place “Stricter face mask policies starting next week”

  • Scam: Curiosity/Interest
  • Background: COVID-19 as a topic of major public interest paired with human curiosity is a combination that obviously works. In this phishing mail, employees have supposedly been sent information that affects their behavior and possibly restricts their freedom. Everyone wants to know about such policies, if only to be able to behave correctly in the future. The attackers know this all too well, so the motto should be: always be skeptical when emails referring to COVID-19 end up in your inbox, especially if they arrive from outside the organization or link to a document you are asked to open.

4th place “Job application”

  • Scam: Curiosity/Interest
  • Background: A classic phishing email. Fraudsters send alleged applications not only to HR departments, but often to the rest of the company as well. The emails are very simple and generically structured, so that many employees can be lured with little effort. Who is applying? What does this person look like? Will someone new be hired in my department? Many questions immediately come to the employee’s mind and lead to careless clicks on attached files. A phishing classic that is even more successful than before due to the pandemic: the job market has been strongly affected and more applications than usual are sent, often unsolicited, which adds to the credibility of the scam. As a preventive measure, employees should not only undergo general awareness training, but also be trained in how to handle safe and unsafe file formats: a plain PDF of a CV is expected, whereas executables, script files, archives and macro-enabled Office documents sent as a “job application” should never be opened.

3rd place “Payroll for August”

  • Scam: Routine matters
  • Background: The HR department sends monthly pay slips by email? Then it does not seem surprising that the payroll for August arrives two days earlier than usual. This social engineering scam plays on a so-called routine matter. Considering the click rate, this subject line is simple but dangerous. Employees have to be cautious precisely with such “inconspicuous” emails, because they are less alert to possible phishing signs. In these cases, the slightest deviation matters: you are addressed by your last name, even though the HR department usually uses your first name? The sender address or the link target differs from the usual one? Checking with the HR department through a known channel, rather than by replying to the email, quickly clarifies whether the message is genuine.

Figure: phishing template “Password verification required immediately”

2nd place “Password verification required immediately”

  • Scam: Urgency / Fear
  • Background: A further means of making phishing attacks successful is to create pressure. This is why emails containing terms such as “please reply immediately”, “urgent” or “immediately” are particularly successful. An alleged misuse of the business email address creates the feeling among employees that they have to act quickly. The result: employees are not vigilant enough and quickly click on links to malware or to credential-harvesting pages, with the goal of protecting themselves and their employer. Excessive urgency is, however, a common sign of phishing emails, and no legitimate IT department asks for a password to be “verified” via a link in an email. It is best to take a deep breath and, if in doubt, contact the IT department directly.

1st place “Agenda for next week’s meeting”

  • Scam: Belief in authority
  • Background: So simple, and yet so effective. The most frequently clicked subject line in the SoSafe phishing simulation uses a perfidious scam that relies on the employees’ belief in authority. “The fraudster simply takes advantage of the natural hierarchy or dynamics in a company, for example by posing as a supervisor. From a psychological point of view, it is very understandable that the employee feels a certain pressure or sense of responsibility and therefore clicks. That is what makes this scam so dangerous,” says Dr. Niklas Hellemann. Whether out of sheer curiosity about what the agenda looks like, or to prepare for the upcoming meeting, either way employees believe that by clicking on the link they are fulfilling their duties, which makes this scam particularly treacherous and difficult to detect. Here it is important to pay attention to whether the email deviates from the usual meeting agenda in form, tone and manner of address. Attackers rarely manage to imitate the tone and format of internal mails completely. So, as always, being alert is the most important motto.
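The technical signals mentioned above (spoofed sender display names and mismatched link targets in the status-quo section, unsafe attachment formats in the “Job application” scam, pressure words in the “Password verification” subject line, and a sender or reply address that deviates from the usual one in the “Payroll” and “Agenda” scams) can be checked mechanically before a mail reaches a user. The following triage script is an added example written for this article and is not SoSafe’s code; the urgency term list, the risky extension list and the two sample messages are constructed for the example and are assumptions, not data from the simulation.

```python
"""Heuristic phishing triage over raw e-mails (added example, not SoSafe code).

Assumptions not taken from the article: the urgency terms, the risky
attachment extensions and both sample messages are constructed here.
"""
import email
import email.utils
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

URGENCY_TERMS = ("immediately", "urgent", "as soon as possible", "sofort")
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".scr", ".lnk", ".iso", ".docm", ".xlsm", ".html")


class _LinkCollector(HTMLParser):
    """Collect (href, visible anchor text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(value):
    """Lower-cased host of an address ('a@b.example') or URL ('https://b.example/p')."""
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def triage(raw):
    """Return a list of (kind, detail) phishing indicators for one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    name, sender = email.utils.parseaddr(str(msg.get("From", "")))
    sender_domain = _domain(sender)

    # 1. Spoofed sender: the display name shows one address, the envelope another.
    claimed = re.search(r"[\w.+-]+@[\w.-]+", name)
    if claimed and _domain(claimed.group()) != sender_domain:
        findings.append(("display-name-mismatch", f"{claimed.group()} vs {sender}"))

    # 2. Replies are routed to a third domain (the "reply to HR" trick).
    reply_to = email.utils.parseaddr(str(msg.get("Reply-To", "")))[1]
    if reply_to and _domain(reply_to) != sender_domain:
        findings.append(("reply-to-mismatch", f"{reply_to} vs {sender}"))

    # 3. Pressure words in the subject line.
    subject = str(msg.get("Subject", "")).lower()
    hits = [term for term in URGENCY_TERMS if term in subject]
    if hits:
        findings.append(("urgency", ", ".join(hits)))

    # 4. Attachments in executable, script or macro-capable formats.
    for part in msg.iter_attachments():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(RISKY_EXTENSIONS):
            findings.append(("risky-attachment", filename))

    # 5. Fake links: the visible text names one host, the href points elsewhere.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        collector = _LinkCollector()
        collector.feed(html_part.get_content())
        for href, text in collector.links:
            looks_like_url = re.fullmatch(r"(https?://)?[\w.-]+\.\w+(/\S*)?", text)
            if looks_like_url and _domain(text) != _domain(href):
                findings.append(("link-mismatch", f"{text} -> {href}"))

    return findings


# Constructed sample: combines the "Password verification" subject, a spoofed
# HR display name, an external Reply-To, a fake link and an .exe "payroll".
PHISH = """\
From: "HR Department <hr@example.com>" <hr@example-payroll.net>
Reply-To: collect@mailer-xyz.org
To: alice@example.com
Subject: Password verification required immediately
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="B"

--B
Content-Type: text/html; charset="utf-8"

<p>Please verify at <a href="http://login.example-payroll.net/x">https://portal.example.com</a> immediately.</p>
--B
Content-Type: application/octet-stream; name="Payroll_August.exe"
Content-Disposition: attachment; filename="Payroll_August.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--B--
"""

# Constructed sample of an ordinary internal mail that should raise nothing.
LEGIT = """\
From: "HR Department" <hr@example.com>
To: alice@example.com
Subject: Agenda for next week's meeting
Content-Type: text/plain; charset="utf-8"

Hi Alice, the agenda is on the intranet page as usual.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, triage(raw))
```

The checks are deliberately independent so that a single missing signal (for instance a mail with a correct sender but a fake link) still produces a finding; in practice such heuristics feed a mail gateway or a user-reporting workflow rather than replacing the human judgement the article describes.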

Awareness training against phishing attacks

Training and sensitizing employees on IT security issues is essential for all the attack scenarios described. Trained employees who know how to consciously deal with such IT security risks can react early and report suspicious mails before an incident spreads through the company. This is one of the reasons why compliance frameworks such as ISO 27001 or the GDPR require ongoing security awareness training for employees; phishing simulations are one common way to make the effect of that training measurable. In addition to information campaigns on cyber security and employee training, for example in the form of digital e-learning courses, phishing simulations are helpful tools for sustainable awareness building in companies and organisations.

*This article refers to results from the German phishing simulation. SoSafe observed similar results in simulations conducted in other languages.

About SoSafe

The SoSafe awareness platform sensitizes and trains employees in dealing with IT security. Phishing simulations and interactive e-learning courses teach employees in an effective and sustainable way what to pay particular attention to when using, for example, email, passwords or social media. The employer receives differentiated reporting and can finally make awareness building measurable, in a fully GDPR-compliant way.