Growing Threat to Cyber Security
The usage of baiting attacks has been increasing these past few years as the world comes into the digital era, with threat actors creating bait emails using Gmail accounts to conduct their schemes. In September 2021, 35% of the surveyed 10,500 organisations received at least one phishing email.
Baiting attacks aim to collect basic information about a specific target, and the success of these attacks depends on the recipient's susceptibility and awareness of cyber security. Baiting attacks do not contain links to phishing sites or carry any attachments, making them less likely to be identified by phishing defense systems.
A bait attack can look as simple as this image below:
Example bait attack without any text, source from BarracudaWhile it may be strange to send an almost empty email, the threat actors are using them with the following goals:
1. Confirm that the recipient’s email address is valid
2. Confirm that the email address is actively used
3. Confirm targets' susceptibility to unsolicited emails
4. Test the effectiveness of automated spam-detection solutions
Barracuda's report showed that 91% of baiting emails are sent from newly-created Gmail accounts as the platform is associated with legitimacy and trustworthiness, and regarded by organisations as a highly reputable platform and promising email security solutions.
Gmail also allows for the quick and easy creation of fake names for accounts without much trouble and supports "read receipt" functionality, which confirms to the threat actors that the recipient email is valid and that the victim has read the malicious email.
Replying to bait emails puts the receipt in a higher priority category for the threat actors, as users who respond to bait emails are typically more susceptible and easier to exploit. Barracuda experimented and found that replying to such empty emails could quickly lead to a targeted phishing attack (also known as spear phishing), as seen after a false Norton LifeLock purchase claim received 48hrs after replying to a baiting email. It is recommended to delete such emails without opening them and be cautious to not fall prey to potential exploitation.
Phishing email sent to victim, source from BarracudaCYBER SECURITY AWARENESS IS IMPORTANT
Check out our related articles below and keep up to date in cyber security
Your Security is our Priority
Your friendly Support Team
Speak to us about all your computer needs
This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.