Top 12 Most Common Phishing Subject Lines

Friday, December 4th

A typical spear-phishing email attempt will use vague but recognizable language in the email subject line to make it appear more realistic and increase open rates. For example, if the email in question was supposed to imitate an internal communication between co-workers, then a simple and informal message such as "are you at your desk?" may be used as the subject.

After analyzing 360,000 phishing emails over a three-month period, researchers at a leading cybersecurity company have detailed the most common subject lines used in phishing attacks – these subject lines are most likely the most common because they are often the most successful bait for reeling in victims.


According to the spear phishing report, by far the most common subject line used in attacks is simply 'Request' – accounting for over a third of all the phishing messages analyzed. That's followed in popularity by messages containing 'Follow up' or 'Urgent/Important' in the subject line.


The simple trick attackers are using here is to make potential victims think they need to open and respond to the email as a matter of urgency – especially if the message is designed to look as if it comes from one of their colleagues, or their boss. That could nudge the victim into responding quickly, without thinking, especially if it claims to come from a board-level executive.


The top subject lines are based around the following key phrases:

1. Request
2. Follow up
3. Urgent/Important
4. Are you available?/Are you at your desk?
5. Payment Status
6. Hello
7. Purchase
8. Invoice Due
9. Re:
10. Direct Deposit
11. Expenses
12. Payroll


'Are you at your desk' uses the trick of familiarity to try to coax victims into falling for the attack, while subjects suggesting the email is part of a previous conversation are used for a similar goal – to trick the user into trusting the sender.


Many of the most-used subject lines also refer to finance and payments; if the recipient thinks they might lose money if they don't respond, they'll likely jump to it. The same also goes for messages about payments – an employee might think it will look bad if they leave somebody without being paid, especially if the request comes from someone who is their senior.


To avoid falling victim to phishing attacks, cybersecurity researchers recommend the implementation of DMARC authentication to avoid domain spoofing, along with the deployment of multi-factor authentication to provide users with an extra layer of protection. Those techniques should be combined with user training and the use of security software.
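As an added illustration (not code from the report or from I-Evolve), the sketch below shows how a mail team could turn the phrase list and the DMARC recommendation into a simple triage check: it flags a message when the subject contains one of the listed phrases, when a "Re:" subject has no threading headers, when the sender is external, or when the gateway did not record a DMARC pass. The domain `example.com`, the `triage` function and the sample messages are assumptions made up for the example.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Key phrases from the list above; "Re:" is handled separately below.
PHRASES = ["request", "follow[ -]?up", "urgent", "important", "are you available",
           "are you at your desk", "payment status", "hello", "purchase",
           "invoice due", "direct deposit", "expenses", "payroll"]
PHRASE_RE = re.compile(r"\b(?:%s)\b" % "|".join(PHRASES), re.I)
DMARC_RE = re.compile(r"\bdmarc=(\w+)", re.I)
INTERNAL_DOMAIN = "example.com"  # assumption: the organisation's own mail domain

def triage(raw):
    """Return the list of reasons one RFC 5322 message deserves a closer look."""
    msg = message_from_string(raw, policy=policy.default)  # decodes encoded subjects
    subject = " ".join(str(msg.get("Subject", "")).split())
    reasons = []
    hit = PHRASE_RE.search(subject)
    if hit:
        reasons.append("subject phrase: " + hit.group(0).lower())
    # A "Re:" subject with no threading headers is a reply to nothing.
    if subject.lower().startswith("re:") and not (msg.get("In-Reply-To") or msg.get("References")):
        reasons.append("Re: without thread headers")
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if domain != INTERNAL_DOMAIN:
        reasons.append("external sender")
    # Assumption: the receiving gateway strips inbound Authentication-Results
    # headers and adds its own, so the first one is trustworthy.
    verdict = DMARC_RE.search(str(msg.get("Authentication-Results", "")))
    if verdict is None or verdict.group(1).lower() != "pass":
        reasons.append("DMARC not pass")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = ("From: CEO <ceo@lookalike.test>\n"
           "Subject: Re: Urgent request\n"
           "Authentication-Results: mx.example.com; dmarc=fail header.from=lookalike.test\n"
           "\nAre you at your desk?\n")
THREAD = ("From: Pat <pat@example.com>\n"
          "Subject: Re: Expenses\n"
          "In-Reply-To: <1234@example.com>\n"
          "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
          "\nReceipts attached.\n")

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("thread", THREAD)):
        print(name, triage(raw))
```

A phrase match alone is weak evidence, since words like "Hello" and "Request" appear in plenty of legitimate mail; the check is more useful when several reasons stack up on one message.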


For help in setting up multi-factor authentication or with any other security questions, call the experts at I-Evolve.  716-505-8324 or