Go to top of page

Top 12 scam email subject lines

20 May 2019

Work emails with words like ‘request’ in the subject line are part of everyday correspondence for many of us. 

Cyber criminals know this and use popular words like these to target employees in business email compromise (BEC) attacks, which is where a cybercriminal impersonates a business representative to trick an employee, customer or vendor into transferring money or sensitive information to the scammer. 

The scammer does this by using an email address that closely resembles the business representative’s email address. The scammer might even send it from the business representative’s actual email account, if the scammer has managed to get access to it.

A recent report that analysed 360,000 BEC emails over three months has revealed the following top 12 most common subject lines used in emails targeting businesses. ‘Request’ accounted for over a third of all the messages analysed:

  1. Request
  2. Follow up
  3. Urgent/Important
  4. Are you available?/Are you at your desk?
  5. Payment Status
  6. Hello
  7. Purchase
  8. Invoice Due
  9. Re:
  10. Direct Deposit
  11. Expenses
  12. Payroll

By making messages appear as an urgent matter sent from a boss, colleague or supplier, scammers prey on their victims’ inclination to respond to these sorts of emails quickly without thinking. Last year alone, BEC cost Australian businesses reported losses of over $60 million, far surpassing the reported BEC losses in 2017 of $22.1 million, according to the ACCC’s latest Targeting Scams report (PDF).

Because BEC scams are usually well-researched and rely more on social manipulation than technical exploits, they can get past anti-virus programs and spam filters.

So how do I protect my business from BEC?

Educate, educate, educate! Teach your staff to be on the lookout for emails that:

  • Are from a supplier providing new bank account details.
  • Are unexpected. For example, the invoice came from a supplier you haven't dealt with in a while, or the payment amount differs from previous amounts.
  • Ask for an urgent payment or threaten serious consequences if payment isn't made.
  • Are sent from someone in a position of authority, particularly someone who wouldn't normally send payment requests.
  • Don’t look quite right. For example, the domain name doesn't exactly match the supplier's company name – double-check by looking at previous correspondence.

If your staff spot any of these warning signs, they should contact the company using a phone number they've obtained from an alternative source, such as the company's website.

Make sure your business doesn’t get used for a BEC scam! Use two-factor authentication to prevent scammers using your business email for BEC. Scammers will often try to compromise an email account by tricking a user into supplying email login credentials to a fake website. These credentials will then be used to log in to the account and send out BEC content to your contacts. 

More information 

Read more about how to prevent and recover from business email compromise on cyber.gov.au.

Invest in staff awareness of good cyber security practices with our Security Awareness Implementation Guide.