Dear All…” and Other Red Flags: How Phishing Emails Hook You

Phishing emails are the digital equivalent of baited hooks, crafted to look harmless but designed to reel in your personal data. Despite growing awareness, these scams are evolving fast, often hiding behind familiar phrases and urgent requests. Let’s break down the most common subject lines used by cybercriminals and how to spot them before you click.

“Your Session Has Expired. Click Here to Sign in Again.”

This classic trick plays on habit. You’re nudged to re-enter your credentials on a fake login page that mimics a trusted site. Once entered, your details are sent straight to attackers. In some cases, they’ll even change your password to lock you out entirely.

Tip: Always check the sender’s email address and hover over links before clicking.

“We’ve Noticed Unusual Activity on Your Account.”

Urgency is a scammer’s best friend. These messages often impersonate big brands like PayPal, Netflix, or Apple, warning you of suspicious activity. The goal? Get you to panic and hand over sensitive info.

Tip: Don’t rush. Log in directly through the official website not through email links!

“I Need You to Make an Urgent Payment”

Spearphishing targets specific individuals, often within companies. Scammers impersonate executives or finance officers, requesting wire transfers or sensitive documents. In one real case, fraudsters stole over CA$100,000 from the city of Ottawa by posing as the city manager.

Tip: Always verify unusual requests through a separate communication channel.

“Dear Applicant…”

Fake job offers are a growing threat. These emails may include malicious attachments or links to phishing sites disguised as application portals. Groups like Lazarus have used this tactic to target professionals with tailored scams.

Tip: Research the recruiter and job listing before responding or clicking.

“Due to the Current Situation…”

Scammers exploit global events- wars, pandemics, sports tournaments, etc to craft believable narratives. For example, one campaign used a fake document titled “Nuclear Terrorism: A Very Real Threat” to lure victims during the Ukraine conflict.

Tip: Be sceptical of emotionally charged messages tied to current events.

“Merry Christmas!” or “Your Gift Is Waiting!”

Holiday-themed scams spike during festive seasons. From fake vouchers to malware-laced e-cards, these emails prey on the shopping frenzy and generosity of the season.

Tip: Avoid clicking on unsolicited holiday offers or attachments.

“We Are Unable to Process Your Tax Return”

Tax season brings a flood of phishing emails pretending to be from government agencies. They may ask for missing information or offer fake refunds in exchange for credit card details.

Tip: Government agencies rarely request sensitive info via email. When in doubt, call them directly.

“No Response Required”

Some phishing emails are minimalistic, just a vague subject line and a suspicious attachment. These often target corporate networks and may contain malware hidden in PDFs or Word documents.

Tip: Never open unexpected attachments, especially from unknown senders.

How to Stay Safe

Slow down. Don’t click impulsively.
Verify the sender. Check email addresses and domains.
Look for red flags. Spelling errors, urgent tone, and unexpected requests.
Use security tools. Anti-phishing software and email filters help.
Educate your team. Awareness is your first line of defence.

Phishing emails are getting smarter but so can you. By recognizing the signs and staying alert, you can keep your inbox from becoming a trap.