The days of receiving phishing emails with subject lines like “Payment Overdue!” may be coming to an end. As users grow desensitized to alarmist messages, malicious actors have shifted to more subtle approaches.
“Request” was the most common word in phishing subject lines in 2024, according to research from Cisco. Threat actors have largely abandoned urgent or time-sensitive language, instead opting for ordinary terms that blend seamlessly into a user’s daily inbox.
Microsoft Outlook was the most commonly spoofed brand, appearing as the sender in 25% of suspicious emails, followed by Amazon and LinkedIn. Other frequently impersonated names include PayPay, a Japanese payment service, and Chinese e-commerce giant Shein.
A Hot Market for Credentials
One reason phishing remains so prevalent is that adversaries find it easier to compromise networks and accounts by obtaining credentials for illegal logins than by using more complex methods like deploying malware.
According to a report from Javelin Strategy & Research, 2025 Identity Fraud Study: Breaking Barriers to Innovation, identity fraud incidents and financial losses skyrocketed over the past year. The survey found that over half of consumers experienced an increase in unusual text messages, while slightly fewer noticed a rise in emails with suspicious links. In total, consumers lost $27.2 billion to identity theft in 2024—a 19% increase from the prior year, according to Jennifer Pitt, Senior Analyst of Fraud and Security and author of the study.
A thriving market for stolen credentials further fuels this trend, with valid username and password combinations frequently bought and sold on the dark web. According to Cisco, bulk lists of credentials commonly sell for as little as $10 on dark web marketplaces.
System Vulnerabilities
One of the most common organizational vulnerabilities leading to successful phishing attacks is weak multi-factor authentication. Pitt recommends that organizations implement MFA protocols incorporating behavioral and device analytics, as well as biometric authentication methods such as fingerprint and voice recognition. These password-free methods can also prevent criminals from using stolen credentials to create fraudulent new accounts.
Another critical security weakness stems from unpatched and vulnerable systems. Many widely used systems are several years old, and patch management remains a continuing challenge for many organizations.