Beware of Gmail bait attacks! Unique modus operandi exposed; stop it this way
Gmail is considered one of the most trusted platforms for sharing mail and information. However, with rising concerns regarding cybersecurity, no digital space is safe, and the same applies to Gmail. A shocking new modus operandi has now been exposed through which cybercriminals have been launching what are being dubbed Gmail bait attacks. According to a new report from the IT security company Barracuda Networks, cybercriminals are targeting potential victims with phishing attacks via the Gmail bait attack technique. It is as effective as it is simple, and saving yourself from this attack will require you to stay focused on what you are doing.
A bait attack is a technique in which cybercriminals send false emails to gather information and test who is willing to respond to such emails, so that they can use this information in future phishing attacks. "Over 35% of the 10,500 organizations analyzed were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages," Barracuda researchers' analysis revealed.
How to identify Gmail bait attacks?
Bait attacks are usually emails with very short content, or even no content at all. In fact, surprisingly, these attacks do not include any phishing links or malicious attachments. This makes it very difficult or even impossible for phishing detectors to defend or warn against such emails.
Furthermore, in order to escape detection, the attackers generally send the bait attacks using new email addresses from free services such as Gmail, Yahoo, or Hotmail. According to analysis by Barracuda researchers, 91% of cybercriminals use Gmail for bait attacks. So, the basic way for you to identify a bait attack is to check the email content. This, of course, can be frustrating.
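The traits described above (a free-mail sender, short or empty content, no links, no attachments) can be checked automatically as a triage signal for the security team. The following is an added example, not code from Barracuda or from this article; the 40-character cut-off, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

FREE_MAIL = {"gmail.com", "yahoo.com", "hotmail.com"}  # services named in the article
MAX_BODY_CHARS = 40  # assumed cut-off for "short or empty" content
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
TAG_RE = re.compile(r"<[^>]+>")  # strips HTML tags so only visible text is measured

def bait_indicators(raw: str) -> dict:
    """Return the four bait-attack traits for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    texts, attachments = [], 0
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        if part.get_content_disposition() == "attachment" or part.get_filename():
            attachments += 1
        elif part.get_content_maintype() == "text":
            texts.append(part.get_content())
    body = "\n".join(texts)
    visible = " ".join(TAG_RE.sub(" ", body).split())
    return {
        "free_mail_sender": domain in FREE_MAIL,
        "short_or_empty": len(visible) <= MAX_BODY_CHARS,
        "no_links": not URL_RE.search(body),  # also catches URLs inside HTML href
        "no_attachments": attachments == 0,
    }

def is_likely_bait(raw: str) -> bool:
    # All four traits together are a reason to review, not proof of an attack.
    return all(bait_indicators(raw).values())

# Constructed sample messages (not real mail).
BAIT_SAMPLE = ("From: Pat <pat.example1@gmail.com>\nTo: user@example.org\n"
               "Subject: Hi\n\n\n")
NEWSLETTER_SAMPLE = ("From: news@example.org\nTo: user@example.org\n"
                     "Subject: Update\n\nRead the full report at "
                     "https://example.org/report and reply with questions.\n")
LONG_GMAIL_SAMPLE = ("From: friend@gmail.com\nTo: user@example.org\n"
                     "Subject: Notes\n\nHere are the meeting notes from Tuesday, "
                     "with the action items for next week.\n")
```

Because ordinary short messages from free-mail users match the same traits, a hit is best routed to review or combined with other signals rather than used to block mail outright.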
Gmail bait attack modus operandi
The intent behind launching these Gmail bait attacks, also referred to as reconnaissance attacks, is first to verify that the victim's email account exists. The criminals know it does when they do not receive any “undeliverable” emails in return. The second goal is to strike up a conversation with the victim. After that, the phishing attack is launched in full force, which would result in the loss of money or the secret data of victims, says Barracuda.
How to protect against bait attacks?
1. AI to identify and block bait attacks
In the case of bait attacks, conventional filtering technology doesn't work, as the messages carry no malicious links or information. AI-based defence, on the other hand, can effectively use data extracted from multiple sources to protect against bait attacks.
2. Never reply to bait attack mails
Recognising such attacks is the biggest requirement. Most importantly, never reply to such emails. Also, report the attack to your IT and security teams.
3. Don't let bait attack mails stay in your inbox - delete
Once you identify a bait attack, remove it; don't let it remain in your inbox. Automated incident response can assist in identifying and remediating these messages in no time, preventing the attack from expanding further.