• by Ray Schultz , September 19, 2018

Here is some free creative advice: Don’t use the following subject lines in emails. They are the top subject lines most used by phishing artists this year, and are likely to be spotted at once -- at least by companies with proper employee training, judging by the 2018 Webroot SMB Pulse Report, a study by Webroot.

According to Gary Hayslip, chief information security officer at Webroot, these are the most prevalent lines, typos and all:

• Review or Quick Review
• Bank of ; New Notification
• Charity Donation for You
• FYI
• Action Required: Pay your seller account balance
• Unauthorize login attempt
• Your recent Chase payment notice to 
• Important: (1) NEW message from 
• AMAZON : Your Order no #812-4623 might ARRIVED
• Wire Transfer
• Assist Urgently

The study also shows that phishing artists have small businesses clearly in their sights. Of 500 SMBs polled, 24% see phishing as the top threat to their firms.

Yet the same percentage doesn’t know their top threat, and it depends on their size.

Companies with 20 to 99 employees see employee naiveté as their leading threat, and only 22% see phishing that way. Firms with one to 19 employees still focus largely on ransomware -- last year’s top threat -- although they still list phishing as the worst security risk.

Yet 66% of businesses with one to 19 employees lack employee cybersecurity training. And 29% of the larger firms fail to provide it, along with 13% of companies with 100 to 500 employees.