A survey conducted by Barracuda surveyed 10,500 organizations and found that 35% of them had at least one bait attack email in September 2021 alone. Bait attacks are becoming more frequent, and it appears that bad actors who distribute this special kind of phishing email prefer to use Gmail accounts to execute their attacks.
You may be wondering what a bait attack is. It is a type of phishing where threat actors attempt to gather basic information about a specific target and use it for targeted and more effective attacks in the future. These types of emails typically do not include dangerous links as is typically seen in phishing emails. They may sometimes have a simple question to elicit a response, but they often do not have any words at all.
While many may find an empty email strange, the attackers have the following goals in mind:
- Confirm that the recipient’s email address is valid
- Confirm that the email address is actively used
- Confirm targets’ susceptibility to unsolicited emails
- Test the effectiveness of automated spam-detection solutions
Attackers also know that since their emails do not contain attachments or links, they have a better chance of sneaking past phishing defense systems.
Barracuda determined that 91% of these bait attacks are originating from new Gmail accounts. They attribute this hefty trend to Gmail being very popular and people associating Gmail with legitimacy and trustworthiness. Gmail was likely selected by attackers given that it is a platform that allows for quick and easy creation of accounts. Gmail also supports a read receipt functionality which alerts attackers to the validity of the email address even if the recipient never responds.
Barracuda experimented by responding to these bait attack emails and determined that the quickness of the attackers’ responses demonstrated readiness and the tight connection between these empty emails and full-fledged phishing attacks.
WHAT SHOULD I DO?
Remember, you do not even need to respond to these emails for the attackers to confirm they are available for potential exploitation. If you see one, delete it without opening it! However, replying to the email does move you to a higher priority as attackers see those who respond to be more susceptible to exploit.
If your firm requires assistance with meeting cyber security program compliance expectations, Fairview can help. We support registered investment advisers by creating and implementing comprehensive, sustainable compliance programs with the help of our in-house regulatory experts. Contact us today for more information about our services.