1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Gmail is awash with bait attack phishing emails

    From TechnologyDaily@1337:1/100 to All on Thu Nov 11 00:45:04 2021
    Gmail is awash with bait attack phishing emails

    Date:
    Thu, 11 Nov 2021 00:30:52 +0000

    Description:
    Cybercriminals have begun sending out bait emails to verify email addresses and gather information before launching phishing attacks.

    FULL STORY ======================================================================

    Cybercriminals have begun researching potential victims in order to collect information that will help improve the odds of their phishing attacks being successful.

    According to a new report from the IT security company Barracuda Networks , these bait attacks are one technique employed by cybercriminals to test out email addresses they've acquired and see who is willing to respond.

    The firm's researchers surveyed 10,500 organizations to find that just over
    35 percent of them were targeted by at least one bait attack in September
    2021 with an average of three distinct mailboxes per company receiving one of these messages.

    As the emails sent out in bait attacks don't include any phishing links, malicious attachments or malware , they're able to bypass many email security systems and arrive successfully in organizations' inboxes. Bait attacks

    Bait attacks, which are also known as reconnaissance attacks , are usually emails with very short or even empty content. This is because the goal of these emails is to verify the existence of a victim's email account or to get the victim involved in a conversation that could lead to them transferring money or leaking their credentials to the attacker.

    In order to avoid being detected, the cybercriminals launching these attacks typically use brand new email accounts from free email services such as Gmail , Yahoo or Hotmail to send out their bait emails. In fact, over 90 percent of bait attack emails were sent using Gmail. At the same time, they also rely on low volume, non-burst sending behavior to get past any bulk or anomaly-based detectors.

    Barracuda's research team ran an experiment in which they replied to a bait email that had a subject line of HI and no content in the body of the email. Within 48 hours of responding to this email, the targeted employee received a phishing attack impersonating Norton LifeLock .

    To protect your organization and employees from bait attacks, Barracuda recommends deploying AI to identify and block these kinds of attacks,
    training staff to recognize and report bait attacks and not letting bait attack emails sit inside users' inboxes.

    Looking to further protect yourself online? Check out our roundups of the best endpoint protection software , best identity theft protection and best malware removal software



    ======================================================================
    Link to news story: https://www.techradar.com/news/gmail-is-awash-with-bait-attack-phishing-emails /


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)