The cleverest of phishers are good social engineers. Often, they borrow a page from broadcast media and publishers, who are very good social engineers. Phishers recognize that controversial or scintillating headlines convince a passerby to purchase a newspaper from a newsstand, a couch potato to pause mid channel-surf, or an Internet user to visit a web page. They use these same stratagems when composing email message subject lines.
Whether in our home, office, automobile, airport lounge or elevator, we hear, read, watch or are passively exposed to some controversial or scintillating media broadcast every day. Even when we pay only partial attention to this input, we often retain some element of the message. Phishers exploit this human behavior. Consider some of the subject lines from my cache of recent phish emails, below.
The first batch prey on concerns over health and healthcare:
Subject: Learn all about Medicare/Medigap coverage
I've omitted another dozen subject lines that promote weight loss, virility, beauty/Botox, and Acai Berry for better health. I can recall a mainstream media commercial, print ad, or news piece covering each of these issues or fads, can you? Many of these subject lines target seniors or individuals whose healthcare needs may be worrisome enough to convince them they should read on.
A second batch targets individuals who have economic worries:
Subject: The bailout is working for homeowners in need
Everyone who is reading this blog has some inkling of the world economic situation. None of us is entirely unaffected, and many of us have friends and family who are struggling financially. Phishers are betting that our goodwill trumps our common sense and that we'll click to learn more or pass the message along to someone who might.
Phishers love holiday seasons and celebrate by exploiting our giving spirit:
Subject: Letter From Santa For Your Child
If you shop online, you are probably receiving bulk solicited or direct mail from merchants. Phishers copy email sent by legitimate merchants and brands. They know money is tight and that in weak economies, bargain shopping is even more appealing so they try to convince you the deal is legit and too good to pass by.
This is a small sample of what you should expect, and all of these were delivered in the past five days. Here are some suggestions to help you avoid falling prey to the subliminal messaging phishers employ in subject lines:
- Be suspicious of any unsolicited healthcare and health plan information delivered to your mailbox. Check the sending email address carefully. If you are a US resident, it's very unlikely that a legitimate health care professional is sending you mail from a foreign country email server such as broopill.cz.cc or mail.goo.ne.jp.
- Avoid loan, credit card, insurance or other finance offers delivered to your mailbox, especially when the rates quoted are sub-prime or the terms are generous.
- Ignore bargains or offers from merchants you have not used or granted permission to send you email. In the best case, these merchants are sending unsolicited bulk email; in the worst case, the mail is from phishers, not merchants. Again, check the sending mail address carefully. Read the entire email address. Phishers may embed the name of a merchant or brand in an email to convince you the message is legitimate.
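A small check that implements the "read the entire email address" advice above, as an added example that is not part of the original post; the brand-to-domain table and the assumption that the reader is in the US are constructed for illustration:

```python
"""Flag a From: header whose display name or local part names a brand the
domain does not belong to, or whose domain ends in a country-code TLD the
reader would not expect from a local sender (e.g. .cz.cc, .ne.jp)."""
from email.utils import parseaddr

# Constructed table for illustration: brand keyword -> domain(s) that brand
# really sends from. A real deployment would maintain its own allowlist.
BRAND_DOMAINS = {
    "medicare": {"medicare.gov"},
    "examplemart": {"examplemart.com"},
}
# Assumed: the reader is in the US, so these TLDs are "home" and not flagged.
HOME_TLDS = {"com", "org", "net", "gov", "edu", "us"}


def sender_domain(address):
    """Return the part after '@', lower-cased, or '' if there is no '@'."""
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].lower()


def check_sender(from_header):
    """Return a list of reasons the From: header looks suspicious ([] = none)."""
    display, address = parseaddr(from_header)
    domain = sender_domain(address)
    if not domain:
        return ["no address present"]
    reasons = []
    # A brand name embedded in the display name or local part is only
    # convincing if the domain is actually that brand's domain.
    haystack = (display + " " + address.split("@")[0]).lower()
    for brand, real_domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in real_domains)
        if brand in haystack and not genuine:
            reasons.append(f"mentions {brand!r} but domain is {domain}")
    # Two-letter country-code TLD outside the reader's own country.
    tld = domain.rsplit(".", 1)[-1]
    if len(tld) == 2 and tld not in HOME_TLDS:
        reasons.append(f"foreign country TLD .{tld}")
    return reasons
```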
These good practices are complements to, not substitutes for, the everyday measures you should take to avoid being phished. You'll find some common sense guidelines at Stop Think Connect and other antiphishing measures here.
Warmest Greetings, Although I thoroughly enjoyed your post immensely, there are issues I must voice. I have a ton of hard core information that says under no circumstances do subliminals work. So you have nothing to worry about. But anyhow, you have an interesting viewpoint and I thank you for letting me share this with you.
Posted by: Moritz Lightman | Friday, 24 December 2010 at 06:06 AM