The ‘password reset’ email phishing scam is still extremely effective


People are still falling for password reset phishing schemes online, according to a report by KnowBe4.

Phishing is the act of fraudulently attempting to garner sensitive information through fake emails, forms or sites parading as the real thing.

The security firm published its Q4 2019 survey of “tens of thousands of email subject lines from simulated phishing tests” from around the globe. It then noted which of these subject lines were most effective.

Password resets, deactivations and employee raises

It found that subject lines that included password reset information — scare tactics, effectively — received more than 51% of all clicks.

Fake mails from HR regarding employee raises (8%), fake shared document notices (8%) and Office 365 deactivation notices (14%) claimed the bulk of the remainder.

The subject lines verbatim are as follows:

  • Change of Password Required Immediately – 26%
  • Microsoft/Office 365: De-activation of Email in Process – 14%
  • Password Check Required Immediately – 13%
  • HR: Employees Raises – 8%
  • Dropbox: Document Shared With You – 8%
  • IT: Scheduled Server Maintenance – No Internet Access – 7%
  • Office 365: Change Your Password Immediately – 6%
  • Avertissement des RH au sujet de l’usage des ordinateurs personnels – 6%
  • Airbnb: New device login – 6%
  • Slack: Password Reset for Account – 6%

The company also looked at “in the wild” subject lines, which capitalised on using company names as headers, including Coinbase, Cash App, Google, Microsoft, and FedEx.

Phishing in recent years

Globally, phishing remains a time bomb for both consumers and companies.

Security firm F5 found that phishing attempts ballooned over major global holidays in 2019, including Ramadan, Mother’s Day, Black Friday and Christmas.

Phishlabs also suggested that just under 84% of attacks in 2018 targeted five industries: financial, email, cloud, payment and software-as-a-service.

In South Africa, 88% of companies experienced a phishing attack attempt at some point in 2019.

Feature image: iAmMrRob via Pixabay

Andy Walker, former editor

