Back to Blog Main

Common Signs of Phishing Emails

Decoding what's real from what’s fake can be a challenge.
  • Anti-Tank
  • Artillery
  • Atmospheric Aviation

You probably have an inbox filled with emails that are all trying to grasp your attention and make you act. But knowing how to weed out which email messages are legitimate takes some cyber-smarts. 

Research shows that email is the primary method of spreading 92% of all malware, and the U.S. is the target of 86% of all email phishing attacks. Whether you’re at home or work, email phishing attempts are relentless. Becoming aware of phishing email characteristics can help you protect your personal information while living in Washington, D.C., Maryland, Northern Virginia, New Jersey or elsewhere.

Having the skills to spot a phishing email can distinguish between a good day and a bad nightmare.

Phishing emails typically aim to steal credentials like passwords, account numbers, and payment methods. Phishers even have seasonal campaigns throughout the year that take advantage of certain times like the holidays and tax season. Nothing is off-limits for dedicated cyber thieves, and the levels they stoop to have no bottom. A look at their favorite “go-to” exploits is a great way to sharpen your phishing cyber-smarts.

It’s important to remember, phishing emails often have two dead giveaway traits:

Trusting the sender

Phishers disguise themselves as legitimate senders like Microsoft and Dropbox, someone you work with, or a friend you know or trust. The idea is to gain your confidence, especially those who have work-related contacts or use everyday trusted businesses like Amazon and FedEx.

Urgency or immediate action required 

The subject lines and messages are designed to be compelling and require some type of action from the recipient. Lines like “Your account needs verification” and “Your delivery requires further action” are common ploys. They can also target your interests to tug your heart strings with information easily found on social media.

Knowing if an email is ligament can be as simple as going directly to the source for verification. Never follow URL links or use phone numbers in an email because likely a phisher is on the receiving end. Type the actual URL yourself or use a previously trusted bookmark and check your account. Once there, you’ll be able to see if further action is genuinely needed.

Barracuda Networks researchers compiled a list of the top 12 most common subject lines used in phishing emails targeting businesses.

Top 12 phishing email subject lines

  • Invoice due
  • Re:
  • Request
  • Purchase
  • Follow up
  • Hello
  • Urgent/Important
  • Payment status
  • Direct Deposit
  • Expenses
  • Payroll

Since phishing remains one of the most effective tools in a hacker’s arsenal, they are continually tweaking and improving their tactics to be more effective.

Don’t be a victim. If your email inbox begins to overflow, stop and remember, “know first and act last.” Be sure that you know the sender is a legitimate source, and don’t act until you’re sure that action is necessary. Access Andrews Federal Credit Union’s online security center for more details on how to protect yourself from scammers.