Adversaries constantly look for new techniques to make their phishing attacks more effective; bait attacks are one of those techniques. Most phishers leverage bait attacks to estimate which victim is willing to respond to their phishing scams. The latest report from cybersecurity solutions provider Barracuda revealed that bait attacks launched via free email services like Gmail make organizations in Asia-Pacific vulnerable to phishing and other email threats. More than 10,500 (35%) organizations worldwide admitted that they’d been targeted by at least one bait attack in September 2021.
To avoid detection, most bait attacks are launched using new email accounts from free email services, such as Gmail, Hotmail, and Yahoo! Mail. The analysis reveals that 91% of phishers use Gmail to launch bait attacks.
What is a Bait Attack?
A bait attack, also called a reconnaissance attack, is an initial email designed to harvest data about the targeted victims that is then used in future phishing attacks. Attackers often use bait attacks to confirm that a victim’s email address is active or to draw the victim into an email conversation that eventually leads to a phishing attack. Bait emails usually contain no text, malicious links, or attachments, which makes it difficult for traditional phishing detectors to block them.
Barracuda’s research team experimented with bait attacks by responding to a bait email received by one of its employees. Initially, the attackers sent the bait email with the subject line ‘HI’ and an empty body. After the employee responded, the attacker followed up with a targeted phishing email. The phishers sent the initial email to verify the email address and the victim’s willingness to reply.
While traditional phishing email filters and detectors are helpless in preventing bait attacks, Barracuda recommends certain email security measures to mitigate the risks associated with email threats. These include:
- Deploying artificial intelligence-based techniques to identify and block bait attacks
- Training employees to recognize and report bait attacks
- Keeping bait emails out of employees’ inboxes
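As an added illustration (not Barracuda’s detection logic or any product code), the heuristic below encodes the bait profile the article describes: a first-contact message from a free webmail domain with an empty or near-empty body, no links and no attachments. The known-sender list, the three-word body threshold and the sample messages are assumptions constructed for the example.

```python
import email
import re
from email import policy

# Free webmail providers the report names as the usual source of bait attacks.
FREE_MAIL_DOMAINS = {"gmail.com", "hotmail.com", "yahoo.com"}
# Hypothetical allow-list of senders the organization has corresponded with before.
KNOWN_SENDERS = {"partner@example.org"}
URL_RE = re.compile(r"https?://", re.IGNORECASE)
ADDR_RE = re.compile(r"[\w.+-]+@([\w.-]+)")


def is_bait_candidate(raw: bytes) -> bool:
    """True when a message fits the bait profile from the article: first contact
    from a free webmail account, empty or near-empty body, no links, no attachments."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    match = ADDR_RE.search((msg.get("From") or "").lower())
    if not match:
        return False
    sender, domain = match.group(0), match.group(1)
    if domain not in FREE_MAIL_DOMAINS or sender in KNOWN_SENDERS:
        return False
    # Bait mails carry no attachments; any named part rules the message out.
    if any(part.get_filename() for part in msg.walk()):
        return False
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    if URL_RE.search(text):
        return False
    # Threshold is an assumption: bait bodies are empty or a word or two ("HI").
    return len(text.split()) <= 3


# Constructed sample messages (not real captures).
BAIT_MSG = (b"From: Jane <jane.doe.4821@gmail.com>\r\nTo: alice@example.com\r\n"
            b"Subject: HI\r\n\r\n")
LINK_MSG = (b"From: Jane <jane.doe.4821@gmail.com>\r\nTo: alice@example.com\r\n"
            b"Subject: HI\r\n\r\nSee https://example.test/login\r\n")
KNOWN_MSG = (b"From: partner@example.org\r\nTo: alice@example.com\r\n"
             b"Subject: hi\r\n\r\n")

if __name__ == "__main__":
    for name, raw in (("bait", BAIT_MSG), ("link", LINK_MSG), ("known", KNOWN_MSG)):
        print(name, is_bait_candidate(raw))
```

A flag from this heuristic is a reason to quarantine the message and review the sender, not proof of malice; a short greeting from a genuinely new contact will also match.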
Commenting on how organizations can mitigate the significant risks of email attacks, Mark Lukie, Systems Engineer Manager, Barracuda, Asia-Pacific and Japan, said, “Email scamming accounts for about 39% of all spear-phishing attacks, and can take many forms, though in general these attacks are designed to steal the identity of the victim or trick them into disclosing personal information. Many of these scams include fake invoices, charities, and other schemes meant to lure the victim into sending money to the attacker.
To protect against email attacks, it’s important to make sure you deploy a robust email gateway to filter inbound and outbound email messages for malicious content, helping to detect malicious intent across all emails. But while this is a great start, as in the case of bait attacks, no gateway solution is watertight, so having a good API-based inbox solution as a secondary defense can help to significantly strengthen your security posture overall. In addition to this, making sure your team receives regular security awareness training and is aware of the latest threats is crucial. Continuous spear-phishing simulation training will help them to minimize online behaviors which could leave your organization vulnerable, while allowing them to recognize and report malicious content, as an additional line of defense.”
Lukie also stressed how email attacks are affecting businesses and organizations in the Asia-Pacific region. “Cyberattacks are a global issue, and it’s rare for any attack type to be focused on one particular market or region. Instead, attacks such as these tend to permeate across the world, making it imperative for all businesses to remain vigilant in the face of these threats. Asia-Pacific continues to be an attractive target for cybercriminals, largely due to the sheer scale of the region, which is poised to take its position among the world’s top digital economies. In addition to this, countries across the region have varying levels of cyber readiness, and there is currently no unifying framework when it comes to cybersecurity strategy or policy, which again makes the region a prime target for cyberattacks,” Lukie added.