This is the only thing to look out for in scam emails


Cybercriminals and scammers use a wide variety of social engineering techniques to trick you into opening their malicious emails, even if one in particular is a dead giveaway and worth looking for in your inbox.

According to a new blog post (opens in a new tab) of AtlasVPN based on data from the Expel Quarterly Threat Report Q1 2022 (opens in a new tab), two-thirds (67%) of scammers leave the subject line blank in their malicious emails. While other frequently used subject lines can also indicate that an email is likely a scam, a blank email is a major red flag.

By leaving the subject line of an email blank, scammers hope to pique the interest of potential victims who want to know why they received that email in the first place. Since a blank subject line may have already dismissed them, users are more likely to click on or reply to links in the body of the email.

Other Subject Lines to Watch

Common subject lines in malicious emails

(Image credit: Atlas VPN)

Although blank subject lines are the most common, other frequently used subject lines in malicious emails are business-related or attempt to instill a sense of urgency.

Of the subject lines reviewed by Expel’s Security Operations Center, the fax delivery report was the second most common at 9.01%, followed by the business proposal request (5.83%) and demand (4.20%).

With more employees work from home, cybercriminals also started using “Reunion” (4.07%) as the subject line in their malicious emails. When it comes to targeting consumers, “You have (1*) a new voicemail message” (3.46%) and “Order confirmation” (1.83%) are frequently used topics.

All of these tactics used in phishing and scam emails are designed to trick you into clicking on an email or the links in it without thinking too much. This is why you should always exercise caution when opening and responding to emails from unknown senders.

How to spot a phishing email

fish hook on a keyboard

(Image credit: Shutterstock)

Besides a blank subject line, poor grammar and spelling is another way to quickly identify phishing emails.

Since many cybercriminals and scammers are not from English-speaking countries, their writing may contain grammatical errors that native speakers would not normally make. At the same time, however, some attackers make mistakes on purpose in order to filter out less observant people because they are likely to be easier targets.

Looking closely at the domain of an email address is another useful tip for spotting phishing emails. Generally, no legitimate organization will send email from a public email domain such as Gmail, as they all have their own corporate email domains and accounts. This can be very useful when it comes to brand impersonation as Amazon’s emails only come from, so if an email uses another domain, it’s probably fake.

Finally, no company will ever ask you to send sensitive information such as your payment information via email. If an email contains a link or attachment that requires you to provide personal data, it is likely a scam.


Comments are closed.