Over 90 percent of bait attacks use a Gmail account

If you receive a suspicious email that looks like an attempt to bait you, a Gmail sender address makes it more likely to be one.

This is according to new research into bait attacks by cybersecurity company Barracuda, which also found a growth in bait email attacks generally, with 35 percent of organisations targeted by at least one bait attack in September 2021.

What are bait attacks? 

Bait attacks are a type of phishing that threat actors might use as a precursor to a more typical phishing attack. They focus instead on gathering information about the target that can be used to plan future attacks.

Also known as reconnaissance attacks, they involve an email being sent to gather intel on the target, usually containing very limited content or none at all. Unlike typical phishing emails, they are unlikely to include malicious attachments or links housing sinister payloads. 

Instead, their goal is to: 

  • Confirm the recipient’s email address is valid 
  • Confirm the account is actively used 
  • Check the recipient’s susceptibility to fraudulent emails
  • Test effectiveness of spam filters 

Since bait emails tend not to hold many of the characteristics of standard phishing emails, like containing malicious links and attachments, they will often pass through anti-phishing filters.  

Why is Gmail so popular? 

According to the research by Barracuda, 91 percent of the domains from which bait emails are sent are Gmail. Why is Google’s email service so popular for threat actors to use? 

Firstly, alongside other email providers such as Yahoo and Hotmail, Gmail accounts are free and easy to make. Attackers use new accounts when sending bait emails to avoid any issues with reputation. 

Gmail is the preferred service for a few reasons. With its association to Google, Gmail is a popular service that people associate with legitimacy and trustworthiness.  

Email security solutions take a similar view and treat Gmail accounts as reputable. 

But, most importantly, Gmail supports ‘read receipt’ functionality, which informs the sender if the recipient opened the message, even if they didn’t reply. 

By knowing if the message was opened, the main purpose of the bait attack is met. The attacker needs to know if the email account is valid and actively used by its owner.
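
As an added example (not from Barracuda's research or from this article's publisher), the traits described above can be combined into a triage heuristic for inbound mail. The freemail domain list, the 40-character threshold and the use of the standard Disposition-Notification-To header as the read-receipt signal are assumptions, and both sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions (not from the article): domain list, length threshold, header choice.
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
MAX_BODY_CHARS = 40  # stands in for "very limited content or none at all"
URL_RE = re.compile(r"https?://|www\.", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def bait_signals(raw):
    """Return the bait-attack traits found in one RFC 5322 message string."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    text, has_attachment = "", False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            text += data.decode(part.get_content_charset() or "utf-8", "replace")
    visible = TAG_RE.sub(" ", text).strip()  # body length is judged without HTML tags
    signals = []
    if domain in FREEMAIL:
        signals.append("freemail_sender")
    if len(visible) <= MAX_BODY_CHARS:
        signals.append("near_empty_body")
    if not has_attachment and not URL_RE.search(text):  # links searched in raw text
        signals.append("no_links_or_attachments")
    if msg.get("Disposition-Notification-To"):  # standard read-receipt request header
        signals.append("read_receipt_requested")
    return signals

def is_likely_bait(raw):
    """Flag for review when the sender, body and payload traits all match."""
    core = {"freemail_sender", "near_empty_body", "no_links_or_attachments"}
    return core <= set(bait_signals(raw))

# Constructed sample messages (not real traffic).
SAMPLE_BAIT = ("From: Alex <alex.example@gmail.com>\nSubject: Hi\n"
               "Disposition-Notification-To: alex.example@gmail.com\n\nHi\n")
SAMPLE_NORMAL = ("From: Sam <sam.example@gmail.com>\nSubject: Agenda\n\nHello team, the "
                 "agenda is at https://intranet.corp.example/agenda for your comments.\n")
```

Short legitimate messages from free accounts share these traits, so a match is better used to route mail for review or to correlate with later phishing than to block outright.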

Testing the bait 

Barracuda found that just over 35 percent of the 10,500 organisations in their research were targeted by at least one bait attack in September, with three distinct mailboxes per company, on average, receiving a bait message. 

The researchers decided to test what happens when one of these emails is responded to.

After responding ‘Hi, how may I help you?’, they received a targeted phishing attack within 48 hours. 

This demonstrates the connection between these bait email attacks and typical phishing attacks. By responding, the victim presented themselves as being a prime target for exploitation, and will also likely be the victim of more phishing attacks as a result. 

For businesses, avoiding bait attempts and the phishing attacks that may follow requires up-to-date knowledge of the latest cyberthreats, as well as, potentially, employee training and the latest software defence solutions. Securiwiser publishes news and blog articles every day to help keep you in the loop.
