Subject Line - IT'S A TRAP!

October 20th, 2016

"Business E-mail Compromise," or BEC, is the name for malicious attempts to use a fake Reply-to field or a fake Display Name to compromise humans' money or information. For example, an attacker sends an e-mail with the Display Name set as that of the CEO. Employees without alert skepticism may respond to the implied trusted request, not noticing that the money or data is actually going to the attacker.

Here are the top ten recent BEC Subject Lines, in descending frequency:

  • Request
  • Payment
  • Urgent
  • hello
  • hi
  • Follow up
  • Quick One
  • Urgent Request
  • [blank]

The first five make up over 20% of the imposter e-mails.

In contrast, please review a list from one month of one address at MSA - one of our defensive layers blocks these messages from ever arriving in an Inbox. These messages have malicious content that encrypts files and forces you to pay a ransom or restore from a safe backup. Notice the variety in Subject Lines as well as the improbable From names & e-mail addresses. 

email block list

If you are not blocking these messages, please use caution and common sense before opening or previewing anything like these samples!

Posted by Jim Sherrill | Topic: News  | Category: Security
Medical Software Associates. 1021 McCallie Avenue. Chattanooga, TN 37403