Scammers have turned to a new tactic to target email users, and it appears Gmail users have the biggest target on their backs. The latest threat to find its way into inboxes is the so-called “bait attack”, which seems pretty harmless at first but can lead to users handing over hugely sensitive data including passwords and banking details.
As spotted by the security team at Barracuda, the latest batch of emails looks innocent enough, often using the simple subject line “Hi”. Once opened, there’s usually no text within the email, making it appear that an error has occurred or something has gone missing. This can tempt recipients into replying, but be warned!
Although these emails may appear pretty innocuous, they are actually reconnaissance missions to see if the account is live and being actively used by someone.
Bait attacks are a technique attackers are using to test out email addresses and see who’s willing to respond.
As Olesia Klevchuk from Barracuda explains, “The bait attacks, also known as reconnaissance attacks, are usually emails with very short or even empty content. The goal is to either verify the existence of the victim’s email account by not receiving any “undeliverable” emails or to get the victim involved in a conversation that would potentially lead to malicious money transfers or leaked credentials.”
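The traits described above (very short or empty content, a minimal subject such as “Hi”) can be checked mechanically on inbound mail. The following Python code is an added example, not code from Barracuda or from this article; the thresholds, function names and sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

MAX_BODY_CHARS = 20     # assumed cut-off for "very short" content
MAX_SUBJECT_CHARS = 10  # assumed cut-off; the article cites the subject "Hi"
URL_RE = re.compile(r"https?://", re.I)

def bait_indicators(raw: str) -> list[str]:
    """Return the bait-attack traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    # A message carrying an attachment is not a content-free probe.
    if any(p.get_content_disposition() == "attachment" for p in msg.walk()):
        return []
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    if URL_RE.search(body):  # links mean a conventional phish, not a bait probe
        return []
    if part is not None and part.get_content_subtype() == "html":
        body = re.sub(r"<[^>]+>", " ", body)  # crude tag strip for length check
    text = " ".join(body.split())
    hits = []
    if not text:
        hits.append("empty-body")
    elif len(text) <= MAX_BODY_CHARS:
        hits.append("very-short-body")
    if len((msg["Subject"] or "").strip()) <= MAX_SUBJECT_CHARS:
        hits.append("short-subject")
    return hits

def is_probable_bait(raw: str) -> bool:
    """Flag only when a near-empty body AND a minimal subject coincide."""
    hits = bait_indicators(raw)
    return "short-subject" in hits and len(hits) == 2

# Constructed sample messages (not real traffic).
BAIT = "From: a@example.com\nTo: b@example.org\nSubject: Hi\n\n\n"
SHORT = "From: a@example.com\nTo: b@example.org\nSubject: Hi\n\nAre you there?\n"
NORMAL = ("From: c@example.com\nTo: b@example.org\n"
          "Subject: Q3 budget review agenda\n\n"
          "Agenda for Thursday: https://intranet.example/agenda\n")

if __name__ == "__main__":
    for name, raw in (("BAIT", BAIT), ("SHORT", SHORT), ("NORMAL", NORMAL)):
        print(name, is_probable_bait(raw), bait_indicators(raw))
```

Legitimate mail can also be this short, so a hit is better used to raise a message for review or to warn the recipient before replying than to block outright.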
Out of all the latest “bait” attacks spotted in this recent wave, over 90 percent have been sent out to Gmail accounts, meaning users of this popular service need to be on high alert.
To prove just how easy it is to become a victim of this type of cyber crime, the Barracuda team responded to one “bait” message and within 48 hours had already received their first full phishing attack, which claimed that they had just been billed over $389 for a Norton subscription and should call a number to cancel.
This type of scam, which uses fake call centres, is growing in popularity with thousands of people being targeted on a daily basis. And don’t think for one minute that these types of attacks don’t work, with the Proofpoint cyber experts estimating that around 60 million people have already lost money due to these call centre scams.
The most recent attacks spotted by Proofpoint are using popular and trusted names such as Justin Bieber ticket sellers, computer security services like Norton, COVID-19 relief funds, or online retailers such as Amazon. The emails usually promise refunds for mistaken purchases, software updates, or financial support.
If you get an email in your inbox that looks in any way suspicious – or claims that you have made a big purchase online – you should not reply to it and should send it straight to your bin.