Back to Back Issues Page
Watch For Scams Newsletter. Phishing email subject lines
March 22, 2019

Phishing Email Subject Lines

Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.

If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below: Subscribe Here

Phishing Email Subject Lines

Phishing scams years ago were much easier to spot. Criminals were more careless back then and would regularly send emails full of typos and bad grammar. Fast forward to today and they're are using sophisticated tools to spoof messages and websites that make them look real. Phishing emails now probably include official company logos that make them seem legit.

That's just one trick to watch for. Another is a subject line that makes the email seem super urgent. Below are the most commonly used phishing subject lines along with ways to stay protected.

Phishing attacks don't just target the everyday person. Sometimes, they go after companies and their employees in what's known as Business Email Compromise scams.

Basically, the scammer attempts to trick employees into sending money transfers or handing out sensitive information, by impersonating executive email accounts. These attacks are initiated either by social engineering tricks, email spoofing or malware, targeting employees from companies.

Cybersecurity firm Barracuda recently analyzed 360,000 phishing emails to find out subject lines that were most commonly used and successful. There seems to be a theme to common subject lines: Scammers try to create a sense of urgency.

Top subject lines in BEC attacks:


Follow up


Are you available?/Are you at your desk?

Payment Status




Invoice Due


Direct Deposit



The simple subject line of "Request" was most commonly used, and it wasn't close. Request was used 36% of the time, with "Follow up" coming in a distant second at 14%.

The study also showed that over 70% of attack emails tried to establish a rapport or sense of urgency. And, many subject lines make it seem the topic had been previously discussed.

If you receive an email with any of the subject lines on the list, be cautious.

The most important rule to outsmarting phishing scams is to avoid clicking on malicious links. That means you shouldn't click on web links or open PDF attachments found in unsolicited email messages, it could be a phishing attack. If you need to conduct business with any company, it's always best to type its web address directly into your browser. Never trust a link that's inside a message.

If you believe you have been a victim of this type of scam you should promptly report it to the IC3's website at The IC3's complaint database links complaints together to refer them to the appropriate law enforcement agency for case consideration.

Remember - always watch for scams!


Back to Back Issues Page