Businesses in the US are slowly realizing the need for employee education to prevent cyberattacks like ransomware and other devastating malware that start with phishing emails. However, for email scammers targeting organizations, the slower the education, the better. Also, employers with a BYOD (Bring Your Own Device) policy are at increased risk of hacking should their employees have poor personal email safety habits. As the financial cost of phishing attacks against businesses of all sizes continues to grow, so does the need for employees to be aware and be on the lookout for email phishing.

Recent cost figures vary – from the lowest being $1.6 million, to a projected cost by Juniper Research ringing in at $150 million by the year 2020. No matter how you slice it, the cost of phishing attacks for any size organization is huge, and one from which not all recover. According to Webroot Threat Report, an estimated 1.5 million new phishing sites pop-up each month. That’s bad news for companies and consumers alike, but it shines a spotlight on just how important it is for employees to be ready to spot bogus emails, starting with the subject lines.

Just last month, Webroot’s “The 2018 Webroot SMB Pulse Report” finds email phishing the top security threat to SMB’s (Small-to-Medium-Size Business). Of the 500 SMBs surveyed, 24% stated this fact. The same percentage weren’t sure of their number one threat. However, companies that had between 20 and 99 employees thought naiveté held that spot, with only 22% thinking it was phishing.

Employee awareness is proving to be key to stopping email phishing attacks. The report finds overall the following email subject lines the top to look for this year, warts and all.

  • Review or Quick Review
  • Bank of ; New Notification
  • Charity Donation for You
  • FYI
  • Action Required: Pay your seller account balance
  • Unauthorize login attempt
  • Your recent Chase payment notice to
  • Important: (1) NEW message from
  • AMAZON : Your Order no #812-4623 might ARRIVED
  • Wire Transfer
  • Assist Urgently

This list shows that although hackers may not be the best at constructing subject lines, they do know how to get at the heart of the matter by preying on human emotions. Phishing risks involving a company and its employees, is costly in many ways. One opened bogus email and one click on an attached link can put the future of an entire company at risk. Not only are there financial repercussions involved, but the loss of consumer confidence can prove most costly of all. Ongoing education for employees alerts them to look for suspicious email subject lines and unknown, suspicious, or unexpected senders as the first line of defense. Other awareness training includes checking for bad spelling and grammar and overall, unprofessional appearance.

No matter what size company, hackers are only too happy to take advantage of unsuspecting and trusting employees through email phishing. An aware, educated employee may well be one of the most important assets a business can have for their continued success.