The Most Common Email Keywords Everyone Should Know to Avoid Phishing Attacks

Phishing emails are by no means new, but as people spend most of their lives online during the ongoing COVID-19 pandemic, the possibilities are increasing. In fact, the number of phishing sites increased by 25% in 2020 compared to 2019.

One way to reduce the likelihood of fraud is to pay close attention to the emails they receive (or at least the ones they intend to open). To determine exactly what to look for, Expel analyzed 10,000 malicious emails and released a report on the most common keywords found in the subject of phishing emails. Here’s what you need to know.

Understanding scam tactics

An Expel report found that scammers use a combination of three strategies to get people to interact with their emails:

  1. Imitation of legitimate business activities
  2. Create a sense of urgency
  3. Encouraging the recipient to take action

“Attackers are trying to trick people into providing them with their credentials. The best way to do this is to legitimize the letter, induce one clear action, and spice it up with emotion — urgency or fear of loss is the most common, ” said Ben Brigida, director of SOC operations at Expel, to TechRepublic. “The actions are as simple as ‘go to this site’ or ‘open this file’, but the attacker wants you to move too fast to stop and ask if it is legal.”

Most common keywords used in subject lines of phishing emails

The full report provides additional details and examples of how and why these keywords are used in the subject lines of phishing emails. For now, here’s a rundown of a few that should be approached with extreme caution:


Examples of real subject lines:

  2. Missing Inv ####; From [Official Company Name]
  3. INV ####


Examples of real subject lines:

  1. New message from ####
  2. New Scanned Fax Delivery for ####
  3. New fax transmission from ####


Examples of real subject lines:

  1. Message from ####
  2. You have a new message
  3. Phone message for ####

the necessary

Examples of real subject lines:

  1. Verification required!
  2. Action required: expiration notification to [work email address]
  3. [Action required] Password expired
  4. Attention required. Support ID: ####

[Empty subject]

According to the report, “Blank subject lines are usually bypassed without automatic security measures — security cannot scan phishing or spam keywords if they are not there.”


Examples of real subject lines:

  1. Do you share a file in Google Drive
  2. [Name] sent you some files
  3. File- ####
  4. [Company name] Sales project files and RFQ


Examples of real subject lines:

  2. [Company Name] – Request Form W-9
  3. Your Service Request ####
  4. Request notification: ####


Examples of real subject lines:

  1. Action required: expiration notification to [work email address]
  2. Action Required: [Date]
  3. Action required: Verification message sent on [Date]
  4. [Action required] Password expired


Examples of real subject lines:

  1. File Document ####
  2. [Name], you have received a new document in the [Company System]
  3. [Name] shared a document with you


Examples of a real subject line:

  1. Verification required!


Examples of real subject lines:

  1. eFax with ID: ####
  2. EFax® message from “[phone number]” – 2 pages, Caller ID: + [phone number]


Examples of real subject lines:

  1. VM from [phone number] to ext. ### on Tuesday 4 May 2021
  2. Received VM from **** #### – for <[username]> July 26, 2021
  3. ‘”” ”1 VMAIL RECEIVED Monday 21 June 2021 03:02:55” ”


Leave a Reply

Your email address will not be published. Required fields are marked *