Stewart Blog Article

Avoid These Common Phishing Email Subject Lines | Stewart Title Blog

Published on: September 23, 2019



CD. Two simple letters define the phishing flavor of the week. Specifically, we’re talking about subject lines that contain CD. We continue to see more and more targeted (spear) phishing attacks that combine resonating subject lines with names of banks, lenders, title companies and other recognizable partners.

Of the 58 reports of emails with CD in the subject line we received over a recent seven-day period:

  • 33 had Completed CD - Closing Docs Attached {Title Commitment, CPL, Preliminary CD} as the subject line
  • 16 had Completed CD - initial closing docs & title updated commitment).CPL, attached** as the subject line
  • 3 had Fw: Loan#3001896404/ CD To Review - 116 Lane - FINAL Closing Disclosure - CD Collaboration as the subject line
  • 3 had INITIAL Closing Disclosure (Wire figures) - CD & Other Closing Documents Available! as the subject line
  • 2 had Prelim CD - Closing Disclosure Collaboration Available! as the subject line
  • 1 had Initial CD - Preliminary Fees for Closing Swilling, 1404 2ND ST. Tuesday, September 6, 2019 as the subject line

None of these looked out of the ordinary, but they were all fraudulent, with fake links designed to steal email credentials.

Remember, even if you recognize the property address in the subject or the body of the email, it may not be legitimate. Attackers could've stolen details from anyone in the chain and used them to look credible to all parties. Unfortunately, you pretty much have to be a part-time Sherlock Holmes to scrutinize every email and foil the plot.

While we’re on the subject of spearfishing, here are some old and not-so-old tricks criminals use to try and steal your information:

  • Emails that contain password protected files with a password in the same email
  • Emails that contain attachments with ZIP files
  • Emails that contain attachments of any kind with links inside them
  • Subject lines that include Re: and Fw: to create the perception of an existing thread

That last one is relatively new. The attacker may use an existing, but dated, email that was stolen in previous hacks and forward it with a newly minted link or attachment. Be sure and check the dates of the entire email conversation. We've seen quite a few where the last conversations were over a month old.

Think before you click.