Scammers Are Using Gmail To Carry Out A New Phishing Scam

Phishing scammers are getting a little more resourceful when it comes to planning attacks, says a report from cybersecurity vendor Barracuda.

Some attackers are now orchestrating preliminary low-threat attacks first, to test and verify how likely the victim is to respond to a full phishing attempt.

These early emails, called “bait attacks,” are largely generated by scammers using the Gmail platform.

What are bait attacks?

Barracuda’s research into these bait attacks has shown that they start with a fairly innocuous email that does two things: first, it can pass through email defenses undetected, and second, it verifies that the email address is in use and that the victim is likely to respond.

In one example, Barracuda received a bait email with the subject “hello” and no other content. The research firm responded to the email with “hello, how can I help you?”, and within 48 hours received a scam claim purporting to be from Norton LifeLock, demanding payment of $400.

While traditional phishing emails have many red flags that allow systems to detect them early, from suspicious links and bad grammar to potentially compromised email addresses, these bait emails not only look innocent but, by engaging the victim, also mean that the respondent is now waiting for a reply. A receptive and captive audience is payday for a phishing scammer.

Example of a Barracuda bait email

Where do bait attacks come from?

According to the research, around 35% of the 10,500 organizations it analyzed had received at least one bait attack in September 2021.

The method of baiting varies slightly from the approach typically taken by phishing scams, which tend to be high volume, peppering inboxes with emails in the hope that a small minority will fall for the scam. With bait attacks, however, Barracuda found that attackers took a low-volume approach and avoided sending emails in bursts, presumably to try to bypass bulk or anomaly-based detectors.

To send these emails, scammers rely on free email services. Not only do these cost the scammer nothing, they are also a quick and easy way to set up new email accounts, with the benefit of a new email address that will not have been blacklisted.

The most popular free email service seems to be Gmail, with 91% of bait emails identified by Barracuda coming from the platform. Others, like Hotmail and Yahoo, made up the remaining 9%.

Gmail itself made headlines last month, with the news that it had identified and blocked 1.6 million phishing emails involved in a cryptocurrency scam.

How to avoid bait attacks

This phishing scam may be a bit more sophisticated than what we’re used to seeing, but that doesn’t mean it’s unavoidable. The way the first email is sent without any detectable threat means it can slip through traditional antivirus software and email security, but there are steps you can take to mitigate the risk.

Watch: Knowing the signs of a bait attack is the first step to not falling victim to one. It’s important that you know what a bait attack looks like, and more importantly, that you don’t reply to emails with limited information or a simple subject line, as this could open the floodgates.

Remove bait emails: If you detect a bait email, it is important that your IT department is alerted to the threat immediately so they are aware of it and can remove it, as well as watch for new attacks.

Email address blacklist: Although this scam tends to use new email accounts, it’s still a good idea to blacklist the sender, in case they try to send more emails to your organization.

While antivirus software is unlikely to detect a bait email, it should detect the phishing follow-up email, thanks to all the usual features like a suspicious link. Antivirus software is a valuable tool for eliminating phishing emails and should be used in conjunction with good old-fashioned common sense to help reduce the risk of phishing scams.
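
The traits this article attributes to bait emails (free webmail sender, no prior contact, near-empty body with no link or attachment, trivial subject) can be combined into a mailbox triage check. The following Python is an added example, not Barracuda's detection logic; the thresholds, signal names, allow-list and sample messages are constructed assumptions.

```python
"""Heuristic triage for bait-style emails (added example, constructed data)."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "hotmail.com", "yahoo.com"}  # providers named in the article
MAX_BODY_CHARS = 20      # assumption: threshold for "no real content"
MAX_SUBJECT_WORDS = 2    # assumption: threshold for "simple subject line"
URL_RE = re.compile(r"https?://|www\.", re.I)
TAG_RE = re.compile(r"<[^>]+>")  # crude tag strip for HTML-only bodies

def bait_signals(raw, known_senders):
    """Return the bait-attack traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1].lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = TAG_RE.sub("", part.get_content()).strip() if part else ""
    has_attachment = any(True for _ in msg.iter_attachments())
    has_payload = bool(URL_RE.search(body)) or has_attachment
    signals = []
    if sender.rpartition("@")[2] in FREE_MAIL:
        signals.append("free_mail_sender")
    if sender not in known_senders:
        signals.append("first_contact")
    if len(body) <= MAX_BODY_CHARS and not has_payload:
        signals.append("near_empty_body")
    if len(str(msg["Subject"] or "").split()) <= MAX_SUBJECT_WORDS:
        signals.append("short_subject")
    return signals

def is_bait_candidate(raw, known_senders):
    """All four traits together: hold for review before anyone replies."""
    return len(bait_signals(raw, known_senders)) == 4

# Constructed sample data, not taken from any real mailbox.
KNOWN = {"ana@example.org"}  # hypothetical list of prior correspondents
BAIT = b"From: J <j.constructed@gmail.com>\r\nSubject: hello\r\n\r\n\r\n"
COLLEAGUE = b"From: Ana <ana@example.org>\r\nSubject: lunch?\r\n\r\n\r\n"
BULK = (b"From: Deals <deals.constructed@gmail.com>\r\n"
        b"Subject: Your invoice is ready\r\n\r\n"
        b"Please review your invoice at https://invoice.example/pay today.\r\n")

if __name__ == "__main__":
    for name, raw in [("bait", BAIT), ("colleague", COLLEAGUE), ("bulk", BULK)]:
        print(name, bait_signals(raw, KNOWN), is_bait_candidate(raw, KNOWN))
```

A match is a reason to route the message to IT for review rather than a verdict, since a short first-contact note from a free mail account can also be legitimate.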
