91% Baiting email attacks are done using Gmail accounts

Summary

A bait attack is a kind of phishing attack in which the attackers try to gather information about the target and use that information in future attacks. It is more like testing or researching which targets are willing to respond, so that they can be targeted more effectively later.

“While the number of bait attacks is still low overall, they are not unusual. Based on analysis by Barracuda researchers, just over 35% of the 10,500 organizations analyzed were targeted by at least one bait attack in September 2021, with an average of three distinct mailboxes per company receiving one of these messages,” said Olesia Klevchuk from Barracuda.

Bait attacks, also known as reconnaissance attacks, are usually emails with empty or very short content, since the goal is to check whether the target’s email account exists and to start a conversation that would lead to an attack. They usually don’t contain malicious links or attachments, which makes them hard to detect. Threat actors use free email services such as Yahoo, Gmail and Hotmail to send the attacks.

91% of the bait attacks were sent from Gmail accounts. The question is: why Gmail?

  • A very popular service most people use
  • Has a high reputation with email security solutions
  • Quick and easy to create accounts
  • Supports “read receipt” functionality – Shows that the recipient has opened the message even though they didn’t reply

Barracuda researched this by replying to one of the bait emails and waiting for a phishing mail. Within 48 hours the employees received a phishing mail, as shown below.

Remediation

Barracuda suggests the following to protect against bait attacks:

  • Deploy AI to identify and block bait attacks.
  • Train your users to recognize and report bait attacks.
  • Don’t let bait attacks sit inside users’ inboxes.
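The traits described above (free webmail sender, empty or very short body, no links or attachments, a read-receipt request) can be turned into a simple scoring rule that flags likely bait emails before they sit in a user’s inbox. The following is an added example, not code from Barracuda or the article; the free-mail domain list, the 40-character threshold, the score threshold and the two sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.message import Message

# Assumed list of free webmail domains named in the article (not exhaustive).
FREE_MAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
SHORT_BODY_CHARS = 40  # assumed cutoff: bodies this short count as "empty or short"
URL_RE = re.compile(r"https?://|www\.", re.IGNORECASE)

def _text_body(msg: Message) -> str:
    """Concatenate all text/plain parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "".join(chunks).strip()

def _has_attachment(msg: Message) -> bool:
    return any(part.get_filename() for part in msg.walk())

def bait_score(raw: str) -> tuple[int, list[str]]:
    """Parse a raw RFC 822 message and count the bait-attack traits it shows."""
    msg = message_from_string(raw)
    reasons = []
    sender = (msg.get("From") or "").lower()
    m = re.search(r"@([\w.-]+)", sender)
    if m and m.group(1) in FREE_MAIL_DOMAINS:
        reasons.append("free webmail sender")
    body = _text_body(msg)
    if len(body) <= SHORT_BODY_CHARS:
        reasons.append("empty or very short body")
    if not URL_RE.search(body) and not _has_attachment(msg):
        reasons.append("no links or attachments")
    if msg.get("Disposition-Notification-To"):  # read-receipt request header
        reasons.append("read receipt requested")
    return len(reasons), reasons

def is_likely_bait(raw: str, threshold: int = 3) -> bool:
    """Flag a message for review/quarantine when enough traits match."""
    return bait_score(raw)[0] >= threshold

# Constructed samples: a bait-style message and an ordinary internal email.
BAIT = ("From: Someone <someone@gmail.com>\nTo: user@example.com\n"
        "Subject: hi\nDisposition-Notification-To: someone@gmail.com\n"
        "Content-Type: text/plain\n\nHello\n")
NORMAL = ("From: Alice <alice@example.com>\nTo: user@example.com\n"
          "Subject: Q3 report\nContent-Type: text/plain\n\n"
          "Hi, the draft is at https://intranet.example.com/q3 - comments welcome by Friday.\n")
```

A rule like this is only a first filter; it is meant to route suspects to a quarantine or review queue, not to block mail outright.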

Reference