Cybercriminals often try to create a sense of urgency in their phony attempts to swindle unsuspecting users out of crucial information with subject lines that would compel the unsuspecting user into opening the phony email and potentially downloading malicious attachments.

Unfortunately, they rarely announce themselves in phishing attacks and some even have the ability to appear to come from semi-trusted sources.

To combat this, Barracuda Networks researchers compiled a list of the top 12 most common subject lines used in phishing emails targeting businesses.

Researchers analyzed over 360,000 phishing emails over a three-month period and found the most common subject line used in attacks is simply ‘Request’ – accounting for over a third of all the phishing messages analyzed, according to the Barracuda Networks’ Spear Phishing: Top Threats and Trends report.

By making the message appear as an urgent matter sent from a boss or colleague, this could nudge victims into responding quickly without thinking.

The report found the top 12 subject lines were as followed:

  1. Request
  2. Follow up
  3. Urgent/Important
  4. Are you available?/Are you at your desk?
  5. Payment Status
  6. Hello
  7. Purchase
  8. Invoice Due
  9. Re:
  10. Direct Deposit
  11. Expenses
  12. Payroll