One third of businesses are being targeted by ‘Bait’ attacks

Over one third of global businesses are likely to be targeted by a ‘bait attack’ in any given month, according to Barracuda Networks, a provider of cloud-enabled security solutions.

‘Bait attacks’, also known as reconnaissance attacks, are a technique in which attackers ‘test’ email addresses to find out which mailboxes exist and who is willing to respond. The goal is either to confirm that the victim’s address is live (a message that does not come back as “undeliverable” is taken as proof the mailbox exists) or to draw the victim into a conversation that can later be turned into a fraudulent money transfer or a credential-harvesting phish.

Barracuda’s research, published in this month’s Threat Spotlight, found that just over 35 per cent of 10,500 organisations were targeted by at least one bait attack during the one-month observation period in September 2021. On average, a targeted company saw bait messages arrive in three distinct mailboxes.

Bait attacks are usually emails with very short or even empty bodies, which leaves conventional phishing detectors (which key on malicious links, attachments or known phishing text) little or nothing to flag or block. Attackers also send them at low volume and without bursts, so that bulk-mail and anomaly-based detectors see nothing unusual.

Barracuda’s researchers also found that attackers typically send the messages from freshly created accounts at free email services such as Gmail, Yahoo or Hotmail, with Gmail alone accounting for 91 per cent of the sender domains associated with bait attacks.
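The traits described above (empty or near-empty body, a throwaway subject such as “Hi”, a freemail sender domain, and no prior correspondence) can be turned into a simple per-message triage rule. The following is an added example written for this page, not Barracuda’s detection logic; the sample messages, the freemail list, the generic-subject list and the threshold of three indicators are all constructed for illustration. Volume-based signals (the low, non-burst sending rate) need per-sender history across many messages and are deliberately left out of this single-message check.

```python
"""Heuristic triage for 'bait' (reconnaissance) emails.

Added example, not Barracuda's detector. It scores one RFC 5322 message on
the traits the article describes. Domain list, subject list, thresholds and
the two sample messages below are constructed for illustration.
"""
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Constructed lists; a real deployment would tune these from its own mail flow.
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}
GENERIC_SUBJECTS = {"", "hi", "hello", "hey", "urgent", "request"}
MIN_BODY_CHARS = 20          # anything shorter counts as an empty/short body
BAIT_THRESHOLD = 3           # indicators needed before a message is flagged


def body_text(msg: Message) -> str:
    """Return the concatenated text/plain content, ignoring HTML and attachments."""
    parts = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            parts.append(payload.decode(charset, "replace"))
    return " ".join(parts).strip()


def sender_address(msg: Message) -> str:
    """Lower-cased addr-spec from the From: header ('' if absent or malformed)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.lower()


def bait_indicators(raw_message: str, known_senders: set) -> list:
    """List the bait traits present in one raw message, in a fixed order."""
    msg = message_from_string(raw_message)
    indicators = []

    if len(body_text(msg)) < MIN_BODY_CHARS:
        indicators.append("empty_or_short_body")

    # A missing Subject header is treated like an empty one.
    if msg.get("Subject", "").strip().lower() in GENERIC_SUBJECTS:
        indicators.append("generic_subject")

    addr = sender_address(msg)
    if addr.rpartition("@")[2] in FREEMAIL_DOMAINS:
        indicators.append("freemail_sender")

    # No prior correspondence: the address is not in the recipient's contacts.
    if addr not in known_senders:
        indicators.append("unknown_sender")

    return indicators


def is_bait(raw_message: str, known_senders: set) -> bool:
    """Flag the message when enough independent indicators line up."""
    return len(bait_indicators(raw_message, known_senders)) >= BAIT_THRESHOLD


# Constructed sample messages. The bait one mirrors the article's description:
# a fresh freemail account, the subject "Hi", and no body at all.
BAIT_SAMPLE = (
    "From: Ava Hale <ava.hale.0921@gmail.com>\n"
    "To: employee@example.com\n"
    "Subject: Hi\n"
    "\n"
)

# Same terse subject, but from a known colleague with real content.
LEGIT_SAMPLE = (
    "From: Dana Ortiz <dana.ortiz@example.com>\n"
    "To: employee@example.com\n"
    "Subject: Hi\n"
    "\n"
    "Hi, are we still on for the design review at 3pm? I've attached the threat model draft.\n"
)

# Constructed stand-in for the recipient's prior-correspondence list.
KNOWN_SENDERS = {"dana.ortiz@example.com"}

if __name__ == "__main__":
    for label, raw in (("bait", BAIT_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(label, is_bait(raw, KNOWN_SENDERS), bait_indicators(raw, KNOWN_SENDERS))
```

The point of scoring several weak signals together is that no single one is reliable: a terse “Hi” from a colleague is normal, and a first message from a Gmail address is normal, but an unknown freemail sender with a generic subject and no body at all is exactly the profile the research describes. In practice the rule belongs in a mail gateway or SOAR playbook that quarantines the match before a user can reply.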

Bait attacks typically precede, or ‘set up’, a targeted phishing attack, so the Barracuda research team ran an experiment by replying to a bait attack that had landed in one of their own employees’ private mailboxes.

The Barracuda employee replied to a ‘bait’ email [FIGURE 1], which had an empty body and the subject line “Hi”, with a message reading “Hi, how may I help you?”. Within 48 hours the employee received a targeted phishing attack [FIGURE 2]. The original email had done its job: it verified that the mailbox existed and that its owner was willing to respond.

Michael Flouton, VP Email Protection Products for Barracuda Networks told B365: “Cyber attackers are always looking for new and innovative ways to improve the efficiency and success-rate of their carefully composed spear-phishing attacks, and whilst typically harmless in their own right, bait attacks are posing a serious threat to business data by targeting susceptible staff.

“The best method of tackling this growing threat, which is largely undetectable by traditional filtering technology, is by training users on how to recognise and report them. It’s important that bait attacks are removed from an inbox as soon as they are identified, to prevent users from opening or replying to them, and automated incident response software will identify and remediate these messages in minutes, preventing further spread of the attack and helping to avoid making your organisation a future target.”