Researchers reveal the email subject line most likely to result in victims supplying sensitive data.
“My most blessed friend sir or madam, greetings to you! I am the president of Kenya Petroleum and I am connecting with you for help in retrieving the sum of $635MILLION for which I will gladly give you half…”
Ah, the good old Nigerian prince email, also called 419 fraud after the telephone area code associated with many of these emails. Back when these first became a pop culture meme, some sources readily admitted that the ludicrous story lines and atrocious grammar were actually intentional. The goal was to seek out only the most gullible internet user in order to avoid wasting valuable time with people who saw through the scam.
As word has spread and the average tech user has become a little more savvy, scammers have had to switch tactics in order to stay ahead. With the increase in malware infections and ransomware attacks, one of the easiest ploys is to get the victim to do the dirty work for you, namely, to install malicious software or turn over sensitive information based on the content of a message.
Researchers have now figured out the email subject line that is most likely to result in a victim supplying necessary information, and the sheer irony of it would be laughable if the consequences weren’t so dire: “Official Data Breach Notification.” Yes, employees are most likely to fall for a phishing attempt that claims to be informing them of a serious situation.
Training is vital
Regardless of how much a company invests in cybersecurity protocols, that money is wasted the second an employee falls for a phishing attempt. That’s why comprehensive and routinely updated training is vital for every level of employee, without overlooking the fact that the CEO is just as likely to be scammed as an hourly wage secretary. All the IT investment in the world won’t protect a network from someone who obeys the most basic email.