As the frequency of bait attacks, also known as reconnaissance attacks, increases, it seems that cybercriminals who send this type of phishing email choose to run their operations using Gmail accounts.
According to a survey conducted by Barracuda experts, almost 40% of the 10,500 businesses analyzed were targeted by at least one bait attack in September 2021, with each company receiving these emails in an average of three different mailboxes.
What Is a Baiting Attack?
A threat actor uses a baiting attack to gather information about an individual or corporation in order to plan future attacks. Bait attacks are typically delivered in the form of emails with very short or even empty content.
The purpose of this type of attack is merely to verify the existence and accessibility of the receiver’s email, which is achieved if the threat actor receives no “undeliverable” notification or, better yet, gets an answer from the target. Another goal is to test the effectiveness of automated spam-detection solutions.
Traditional phishing detectors struggle to defend against this class of threats because the emails contain little text and no phishing links or malicious attachments.
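Because content-based detectors have little to work with, a triage heuristic can key on the traits listed above instead: a Gmail sender, a near-empty body, no links and no attachments, then group the hits by sender to see how many mailboxes were probed. The following is an added example, not code from the article or from Barracuda; the word threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import parseaddr

FREEMAIL = {"gmail.com"}  # the article names Gmail; other domains are your call
MAX_WORDS = 5             # assumed cut-off for "very short or empty" content
URL_RE = re.compile(r"https?://|www\.", re.I)

def body_text(msg):
    """Join every inline text part (plain or HTML); attachments are skipped."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.get_filename():
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def is_bait_candidate(msg):
    """True when a message matches the traits the article lists for bait mail."""
    domain = parseaddr(msg.get("From", ""))[1].lower().rpartition("@")[2]
    text = body_text(msg)
    return (domain in FREEMAIL
            and len(text.split()) <= MAX_WORDS
            and not URL_RE.search(text)
            and not any(p.get_filename() for p in msg.walk()))

def bait_fanout(raw_messages):
    """Map each flagged sender to the set of internal mailboxes it probed."""
    hits = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        if is_bait_candidate(msg):
            sender = parseaddr(msg.get("From", ""))[1].lower()
            hits[sender].add(parseaddr(msg.get("To", ""))[1].lower())
    return dict(hits)

# Constructed sample messages (not real traffic).
SAMPLES = [
    "From: probe.sample@gmail.com\nTo: alice@corp.example\nSubject: Hi\n\n",
    "From: probe.sample@gmail.com\nTo: bob@corp.example\nSubject: Hi\n\nhello\n",
    "From: probe.sample@gmail.com\nTo: carol@corp.example\nSubject: Re\n\nsee http://site.example/x\n",
    "From: vendor@partner.example\nTo: alice@corp.example\nSubject: ok\n\nthanks\n",
]

if __name__ == "__main__":
    for sender, boxes in bait_fanout(SAMPLES).items():
        print(sender, "->", sorted(boxes))
```

A single short message from a Gmail account is common and benign, so the per-sender fan-out across mailboxes is the more useful signal for review than any one hit.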
Gmail, the Bait Attack’s Favorite
Threat actors usually