
New baiting attack reaches victims mainly via Gmail

Baiting attacks, which mainly use Gmail addresses to reach their victims, are on the rise all over the world.

According to Barracuda, which surveyed 10,500 organizations, 35% of them received at least one bait attack email in September 2021.

What is a baiting attack?

A baiting attack is a type of phishing in which the attacker gathers information about a target, mainly to use that data in an even more targeted attack in the future. It’s a preparatory step, so the email body doesn’t usually carry any payloads or links.

Although most of these emails include a basic question that is likely to get a response, many don’t include anything at all. It might seem strange to send an almost empty email, but threat actors use them with precise goals.

First, they can confirm that the potential victim’s email address is still valid. Second, they make sure that the user actively uses the target address. Third, it may confirm the victim’s susceptibility to unsolicited emails. And last, they test the automatic spam-detection programs that might exist on the computer.

Because they lack links to malicious sites or attachments, such email messages can often slip through the phishing defense system.

Attackers prefer Gmail

According to Barracuda’s stats, 91% of all bait emails are sent from Gmail accounts. This is because Gmail has built a strong reputation for security and legitimacy, and email security solutions treat it as a highly reputable service.

Furthermore, Gmail makes it easy to create pseudonymous accounts. It even supports “read receipts,” which tell the sender that the recipient opened the message even if they never respond.

Using this technique, the attackers try to find out whether the potential victim is a real person, by making sure that the inbox is active and has been used in the past.

What happens if a user takes the bait?

As an experiment, Barracuda responded to these baiting emails. Then, within 48 hours, an employee of the security company received a targeted phishing attack.

Such quick replies show that there is a strong connection between the empty emails and the phishing attacks. Still, replying to these emails is not a condition for the attackers to start their exploitation. That’s why users should always delete such emails.

In any case, whenever a victim responds to the bait, they become a higher priority for the hackers. Users who respond to these emails are typically more susceptible and easier to exploit.

Laurentiu Titei

Laurentiu, a creative content writer, has been producing articles about technology for more than 10 years. He is interested in all the security and internet news and his mainstream media background helps make them readable for all kinds of users. Moreover, he grows the appropriate social media channels for websites.
