Close this search box.
Close this search box.
Close this search box.
blog hero


Get the latest in print & creative arts business updates, trends, and inspiration.

Most Common Subject Lines In Phishing E-Mails

The stakes for companies to be hacked are growing with each passing year; the most common way a business’s database and vital information is exposed is due to employees clicking on malicious e-mail links.

Many attempts to get employees to open and click on dangerous links are crude and easily detectable. But cyber criminals have grown sophisticated and have started employing subject lines and content in the body of their phishing e-mails that looks legitimate enough.

The first line of defense for all organizations is their employees and all it takes is for one of them to click a link in a phishing e-mail that can expose their company to a host of cyber attacks, such as business e-mail compromise and ransomware attacks.

Many of these e-mails recycle the same subject lines again and again, and a recent report by KnowBe4, a cyber security training firm, found that 40% of phishing e-mail subject lines are human resources-related. Also, the body of the e-mail often creates a sense of urgency for the targeted worker to act quickly.


You can train your staff to beware if they receive an e-mail with one of these most common subject lines:

  • HR: Vacation Policy Update
  • HR: Important: Dress Code Changes
  • Password Check Required Immediately
  • HR: Your performance evaluation is due
  • Weekly Performance Report
  • LinkedIn: Who’s searching for you online?
  • IT: Internet Report
  • HR: Please update W4 for file
  • Acknowledge Your Appraisal
  • Employee Expense Reimbursement for [[e-mail]]

And the following are the most common bogus e-mail subjects that employees reported to their superiors as suspicious:

  • Equipment and Software Update
  • Mail Notification: You have 5 Encrypted Messages
  • Amazon: Amazon – delayed shipping
  • Google: Password Expiration Notice
  • Action required: Your payment was declined
  • Wells Fargo: Transfer Completed
  • DocuSign: Please review and sign your document
  • IT: IT Satisfaction Survey
  • Zoom: [[manager name]] has sent you a message via Zoom Message Portal
  • Microsoft: Microsoft account security code

Phishing e-mails are also growing more difficult to detect. According to KnowBe4, besides real-looking subject lines, cyber criminals will employ different techniques to lend legitimacy to their e-mails, including:

Spoofing the company’s domain — These e-mails appear to come from the user’s domain, either because someone has spoofed the domain or uses one that is almost identical to the company’s domain.

Branded  — The e-mail body includes the employer’s logo, name and address.

Credentials landing page — A phishing link directs the employee to a data entry or log-in landing page that mimics their employer’s page by using the company’s logo, colors and images.

Most of these e-mails will launch malicious code if the recipient either clicks on a link or opens an attached file, typically a pdf.


When criminals target an organization for attack, they will often start by doing a deep search online for employees’ e-mail addresses. Sometimes companies will have nearly everyone one of their employees’ e-mail addresses on their website. The more workers a company has, the more susceptible they are to attack.

According to KnowBe4, once they have those e-mails they can start sending the employees e-mails that “supposedly coming from Human Resources, the CEO or perhaps the mail room, and social engineer your users to click on a link.

Besides firewalls and other safety protocols, you should prioritize training your staff to detect and report any suspicious e-mails. First and foremost, they should avoid clicking on links or opening attachments unless they are sure that the e-mail is from a trusted source.


Taking precautions is the first defense. You also want to be prepared if (and unfortunately mostly likely when) something slips through the cracks and your business is attacked by purchasing Cyber risk insurance. Cyber risk insurance will protect your business financial, limit downtime, and greatly reduce your stress.

VMA has partnered with Cowbell Cyber to get our members the best prices (it costs much less than you’d expect) and fantastic coverage. Contact Shannon Wolford, VMA Director of Membership and Sales for more information at 415-710-0568 or shannon@visualmediaalliance.org.

2024 Student
Scholarship Application

To complete your application please provide the referring teachers information in the form below. The referring teacher’s email must be associated with an accredited Northern California college.

2024 Student
Scholarship Application

Sign Up to Start Receiving Chronicles

Contact me for the next session

Contact me about the next Print 101 class


Get a Free eBook on using Ancilliary Benefits to Retain Employees