Menu Close

The Most Popular Subject Lines for Phishing Threats are Revealing

A well-placed and timed phishing email can trick even the best and most cautious employees. Today we’re going to be taking a look at what makes these tricks successful and what subject lines you should be watching out for in a common phishing email. You might be shocked at the results that were found in a recent study.

In a report published by Expel, they revealed the most common subject lines used in a phishing email. These usually urge the reader to take immediate action. For employees that don’t think twice before downloading an attachment, this could be troublesome. 

Expel took a look at 10,000 malicious emails and compiled a list of keywords that were commonly used. The sense of urgency makes sense, but there are also other tactics used to get people to open their attachments.

Ben Brigida, Director and SOC of Operations at Expel, had this to say regarding the matter: “Attackers are trying to trick people into giving them their credentials. The best way to do this is to make the email look legitimate, prompt one clear action and lace it with emotion – urgency or fear of loss are the most common… The actions are as simple as ‘go to this site’ or ‘open this file,’ but the attacker wants you to be moving too fast to stop and question if it’s legitimate.”

The more direct and simple an email is, the more likely it will be that it will work. The emails are often composed in a simple way that makes it seem like it could be from a legitimate business source. Here are three of the most common.

  • Missing Inv ####; From [Legitimate Business Name]
  • INV####

These three subjects lines have to do with invoices, so an employee will think they are legitimate. One mentions something missing, which will invoke urgency in the reader. Out of all of the invoices they may be receiving on the daily, an email like this might not look suspicious. 

There might also be words like “verification required,” “required,” or action or service requestions. 

To stop common phishing emails like this from even reaching your team, reach out to MyTek today for help at 623-312-2444.

Table of Contents

"*" indicates required fields

This field is for validation purposes and should be left unchanged.


Our goal is to reinvent the managed IT experience for growing Arizona businesses through a partnership with no long-term commitments, technology options that are flexible to meet your needs and infrastructure and strategy that position your technology as a competitive advantage.

Download Our Price Sheet