By Max Gannon
Each individual phishing marketing campaign that Cofense Intelligence analyzes is offered a title which includes a concept. This topic is critical because it characterizes the campaign and supplies insight into the risk actor’s intentions. Realizing that a phishing e-mail concentrating on the hospitality field is themed just after Vacation Aid alternatively than a generic Finance theme is important as it enables a a lot more concentrated reaction. It also assists organizations in improved choosing appropriate phishing simulations to use on their staff members. We are going to deal with some of the extra widespread themes, what they are composed of, and what tendencies we can notice with them.
Contents
Primary Takeaways
- Themes are centered off of the email content including the topic, e-mail human body, attachments, and so on.
- Highest variation of themes was in Q3 and Q4 of 2023.
- Gains themed email messages were being most common in Q1 and Q4 of 2023.
- Fax and Document themed e-mails were most popular in Q1 of 2023.
- Lawful themed email messages have been most common in Q3 and Q4 of 2023.
- Tax and Notification themed e-mails were being most widespread in Q3 of 2023.
- Closing (as in closing on a property) themed e-mail were most typical in Q1 and Q3 of 2023.
- Of the Main themes, Finance produced up 54%, Notification manufactured up 35%, Shipping designed up 7%, and Response built up 3%.
- Of the Reasonable themes, Document designed up 38%, Voicemail created up 25%, Journey Support designed up 24%, Fax designed up 8%, and Legal produced up 6%.
- Of the Minimal themes, Advantages manufactured up 37%, Taxes built up 32%, Work Software made up 21%, and Closing created up 10%.
What Phishing Electronic mail Themes Indicate
The themes observed in this report are specially the overall theme of the electronic mail, not just the matter or the qualifications targeted. This contains the model spoofed, the attachment names, rendered attachments in the scenario of files or HTM(L) files, and the email overall body content. That claimed, a large portion of the concept of an electronic mail is tied to its topic as that is, immediately after all, the first section of an e mail that a target sees, so it is typically made to attract in their awareness.
Themes Above Time
Observing developments in the phishing email themes of campaigns throughout 2023 will help give us insight into what menace actors assume is most probably to get interaction from victims at that point in time. We will appear at many changes in concept quantity dependent on time of calendar year, for instance Added benefits themed emails spiking in the course of pertinent time durations. Over-all, we observed greatest volume of continuously themed strategies in Q3, the least expensive quantity in Q2 and the maximum variation in themes in Q3 and Q4.
Key Themes:
The “Major” phishing e mail themes below are the themes with the highest volume that are also usually the most appropriate as staff are additional probable to see them. The themes in this class are Finance, Notification, Transport, and Response.
Finance-themed email messages usually have subjects relating to invoices, payments, pay back slips, statements, orders, remittances, or receipts. Finance themes had been somewhat reliable for 2023, observing an in general slight lessen from Q1 to Q4 with no important declines or boosts. This is most likely because of to Finance being the most frequent concept total and observing the exact decline in quantity that most campaigns saw towards the conclusion of the calendar year.
Notification-themed e-mail generally have topics relating to password expiration, reminders, messages, needed steps, the latest functions, or appointments. Notification themes slowly increased until eventually Q3 and then dropped off in Q4. This is section of an all round development in phishing as Q4 saw an total decrease in campaigns.
Transport-themed email messages generally have topics relating to shipments, port info, arrival notices, cargo, or everything to do with DHL, FedEx, UPS, and USPS. Transport themes were best in Q1, especially in February, and ongoing to drop until finally Q4. According to our Strategic Investigation “Shipping-Themed E-mail: Not Just for The Holidays” that lined facts from 2021-2023, the volume of shipping themed email messages generally improves only a little bit in Q4 which we noticed only toward the conclude of Q4 in 2023.
Response-themed e-mails typically have topics relating to any kind of reaction or in some cases forwarded messages as perfectly as hijacked and spoofed e mail threads. Even though quite a few risk actors spoof reply chain threads, the most sophisticated menace actors hijack pre-current e-mail threads. Reaction themes peaked in Q2, precisely in May possibly which was 25% higher than every single other thirty day period. This will make perception as May well saw a surge in QakBot campaigns making use of reaction themes or even injecting into pre-existing reply chains.
Determine 1: Significant campaign themes in 2023.
Average Themes:
The “Moderate” phishing email themes below are the themes that are not most normally seen but are however found with regularity and are often utilised in more qualified or advanced campaigns. The themes in this group are Doc, Voicemail, Travel Guidance, Fax, and Authorized.
Document-themed email messages generally have topics relating to approved paperwork, doc signatures, completed files, shared files, or they spoof DocuShared and DocuSign. Doc themed e-mails were being the only average concept that did not decrease in Q2.
Voicemail-themed e-mails typically have subjects relating to voicemail, voice messages, simply call audio, voice calls, caller aspects, caller notes, missed phone calls, recordings, or phone transcripts. Voicemail themes peaked at the begin of Q1 and the finish of Q3 before leveling out in Q4.
Travel Assistance-themed email messages usually have topics relating to responses to reconnaissance email messages about reserving, reservations, help with vacation, scheduling, healthcare accommodations, area demands. Travel Support themed emails focusing on hospitality from Q3 to Q4 but died off toward the stop of Q4. Specially in December there was a 66% fall in Vacation Guidance themed ATR volume.
Fax-themed emails normally have subjects relating to fax messages, faxed files, private faxes, or they are spoofing eFax or MyFax. Fax themes peaked in Q3, hit rock bottom in Q2, and gradually amplified for the relaxation of the yr.
Authorized-themed e-mails have some of the widest spreads of related subjects and commonly have topics relating to arrests, guardianship worries, summons, court cases, sanctions, car fines, accusations, prison satisfies, or lawsuits. Lawful themes enhanced throughout 2023 from Q1 to Q4. The vast greater part of these were in Spanish. Q1 to Q3 have been typically Remcos but Q4 observed a diversification into XWorm RAT, njRAT, and Async RAT.
Determine 2: Average campaign themes in 2023.
Small Themes:
The “Minor” phishing e-mail themes listed here are the least normally found but most possible to be associated to a certain time of year. The themes in this class are Closing (ordinarily on a residence), Positive aspects, Taxes, and Position Application.
Closing-themed emails (commonly on a house) commonly have topics relating to closing files, closing deals, payoff statements, closing payments, or closing disclosures. Closing themes lowered over time and didn’t show up at all in Q2 which is astonishing as Q2-Q3 is frequently the biggest time for serious estate sales.
Benefits-themed e-mails commonly have topics relating to insurance protection, wage changes, payroll policy, rewards packages, yearly benefits, wage amendments, enrollment, health-related protection, staff added benefits, well being insurance plan, open up enrollment, W2s, or family vacation acceptance. Positive aspects themes were being maximum in Q1 and Q4 which makes sense as it is all over this time that most companies do positive aspects.
Taxes-themed emails usually have subjects relating to taxes invoices, VAT, tax receipts, tax clearances, tax assessments, profits tax, tax credits, e-filling, or the IRS. Tax themed email messages peaked in Q3 and Q4, possible working with the past owing date of taxes to make folks stress (Taxes for United States based organizations are typically thanks in April at the begin of Q2).
Occupation-Application-themed emails ordinarily have subjects relating to resumes, CVs (curriculum vitaes), position features, programs, work vacancies, position queries, or a posture name like “financial advisor”. Occupation application themes have been consistent for Q1 and Q2 but declined for the second half of the calendar year.
Figure 3: Minor marketing campaign themes in 2023.
The put up Most Widespread Phishing Email Themes of 2023 appeared to start with on Cofense.