Baiting attacks are on the rise, and the attackers who send this particular type of phishing email appear to prefer Gmail accounts for carrying them out.
According to a report by Barracuda, which surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021 alone.
What is a baiting attack?
A "bait attack" is a subcategory of phishing in which threat actors try to gather basic information about a specific target and use it for more targeted and effective attacks in the future.
It is a preparatory reconnaissance step that is rarely accompanied by payloads or embedded links in the body of the email.
While some of these emails contain a key question or something else that is likely to get a reply, many contain no text at all.
Sending an almost blank email may seem strange, but threat actors use it for the following purposes:
- Verify that the recipient's email address is valid
- Verify that the email address is being actively used
- Confirm the target's sensitivity to spam
- Test the effectiveness of automated spam detection solutions
Since these emails contain no links to phishing sites and carry no attachments, they usually pass through phishing defense systems because they are not considered malicious.
Barracuda statistics show that 91% of all these bait emails are sent from new Gmail accounts, while all other email platforms account for only 9%.
This preference is due to the fact that Gmail is a very popular service that people associate with legitimacy and reliability.
The same goes for email security solutions, which treat Google email as a highly trusted service.
In addition, Gmail is a platform that makes it quick and easy to create pseudonymous accounts.
Finally, Gmail supports the "read receipt" feature, which tells hackers that the recipient opened the message even if they never responded.
This fulfills the purpose of the baiting attack, which is to confirm that the mailbox is valid and actively used.
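A triage heuristic for the traits described above (free-mail sender, near-empty body, no links or attachments, read receipt requested), as an added example that is not from Barracuda or the original article. The sample messages, the `known_senders` list, the 40-character threshold and the use of the standard `Disposition-Notification-To` header as the read-receipt signal are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

FREEMAIL = {"gmail.com"}  # the article singles out Gmail; extend as needed
URL_RE = re.compile(r"https?://|www\.", re.I)
CORE = {"freemail_sender", "first_time_sender",
        "near_empty_body", "no_links_or_attachments"}

# Constructed sample messages (not real traffic).
BAIT = ("From: New Contact <constructed.sender@gmail.com>\n"
        "To: employee@example.org\nSubject: Hi\n"
        "Disposition-Notification-To: constructed.sender@gmail.com\n"
        "Content-Type: text/plain; charset=utf-8\n\n\n")
NORMAL = ("From: colleague@example.org\nTo: employee@example.org\n"
          "Subject: Q3 report\nContent-Type: text/plain; charset=utf-8\n\n"
          "Please review the Q3 report before Friday: "
          "https://intranet.example.org/q3\n")

def bait_signals(raw, known_senders=frozenset(), max_body_chars=40):
    """Return the bait-attack traits present in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    text = re.sub(r"<[^>]+>", " ", body).strip()  # drop HTML tags, if any
    signals = []
    if sender.rpartition("@")[2] in FREEMAIL:
        signals.append("freemail_sender")
    if sender not in known_senders:  # stand-in for "new account"
        signals.append("first_time_sender")
    if len(text) <= max_body_chars:
        signals.append("near_empty_body")
    if not URL_RE.search(body) and not any(msg.iter_attachments()):
        signals.append("no_links_or_attachments")
    if msg.get("Disposition-Notification-To"):  # read receipt requested
        signals.append("read_receipt_requested")
    return signals

def is_probable_bait(raw, known_senders=frozenset()):
    """Flag for review only when every core trait is present together."""
    return CORE <= set(bait_signals(raw, known_senders))

if __name__ == "__main__":
    print(bait_signals(BAIT), is_probable_bait(BAIT))
    print(bait_signals(NORMAL, {"colleague@example.org"}))
```

A hit is a reason to quarantine or review the message and to avoid replying or sending a read receipt, not proof of malice; short messages from new free-mail contacts are also common in legitimate mail.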
Barracuda decided to experiment by replying to these bait emails, which by themselves are not meant to start the phishing process.
Within 48 hours, the security company employee received a targeted phishing attack that used a fake Norton LifeLock purchase claim.
This rapid response demonstrates the readiness of the threat actors and the close connection between these seemingly harmless emails and fully developed phishing attacks.
Source of information: bleepingcomputer.com