Threat actors use phishing attacks by fooling victims into clicking on malicious links or attachments in order to spread malware through employee machines or steal personal data.

Phishing attacks are crafted specifically to seem as though they fit into real life situations, better known as social engineering.

When Covid-19 forced much of the world into lockdown last year, many subject lines and emails contained Covid-19 related information. These emails are made to be clicked, so it makes sense threat actors aim toward topics which have the most attention at the time.

Here are some common subject line phrases:

  • Request
  • Follow Up
  • Urgent
  • Are you available?
  • Payment
  • Hello
  • Purchase
  • Invoice
  • Direct Deposit
  • Expense
  • Payroll

In general, threat actors are financially motivated for the cyber crimes they commit. As you can tell from this list, many of the subjects involve some sort of financials. They’ll usually say you’re missing some important piece of information and that you need to enter more in order to resolve the issue.

Another key component to understanding phishing attacks is that the attacks may seem random, but they usually don’t come by way of the spray and pray method. Threat actors behind these attacks are aiming at your organization because of some key factor. Whether it’s the industry your organization is in, the size of your business, or a state-sponsored threat targeting a certain country, they have some reason to send these emails.

Don’t click on emails from senders you are not familiar with. If you have not communicated with the sender in the past, clicking the links within their emails is not suggested and is one the easiest ways to avoid compromising your entire organization.

If you’re a leader in your organization, it’s important your team and employees are aware of the ways threat actors will look to phish your company. Simple training and awareness can go a long way, but to truly remain secure from malicious threats, incorporate a security team who has the ability to block threats from installing malware on your machines. SpearTip’s ShadowSpear® Platform blocks executables from executing and detects threats before they ever get to your machines. This in addition to many certified engineers monitoring your network 24/7 is a great way to strengthen security posture.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have a direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.