A scammer’s best friend is a sense of urgency. If they can get you to do something before rousing suspicion, whether you eventually uncover the scam doesn’t really matter — it’s already too late to stop it.
The danger can be in something as simple as clicking a link inside an email. And that email might look like it’s from your bank, your boss, an old coworker or your phone company. This tactic is called phishing, and it can be done by impersonating anyone familiar to you.
If you’re distractedly checking your email, you could inadvertently click a scammer’s link in just a few seconds. Then, as the Federal Trade Commission explains, you’re opening yourself up to ransomware (which locks you out of your computer’s data until you pay the scammer), password theft, identity theft and more. The scammer can then use your email account to spread the scam to everyone in your contact list.
Given the risk, computer security company KnowBe4 tracks the most common subject lines used to perpetrate these phishing expeditions and releases that information each quarter. Here are some of the most common bait subject lines that scammers have recently used to get people to click links in emails:
- Please review updated financial policies
- Zoom: The meeting has started! Where are you?
- IT: Laptop Refresh
- Meta: Suspicious Activity
- Sharepoint: [[manager_name]] shared “Test_Data” with you
- Microsoft: Microsoft’s new password requirements
- HR: Please verify your banking information
- DocuSign: DocuSign Account Suspension Notice
- Webmail: Security alert for [[email]]
- Refund has been processed to your account
So if you see any of these subject lines in your inbox, don’t click the links inside the message. If you think the email might be legitimate, go to the website in question — whether it is your bank or a retailer — to check the status of your account directly.
Aside from being vigilant about your inbox, the FTC lays out some valuable ways to protect yourself, including using security software and ensuring it updates automatically. Another important step is enabling multifactor authentication (sometimes called two-factor authentication or 2FA) so that scammers need more than just your password to get at your stuff.