It seems harmless, but if you receive this email, you are about to become a victim of a phishing attack

Tram Ho

A “bait attack” is a trick used by online scammers in which the attacker tries to gather basic information about the target and use it for real attacks in the future. Bait attacks are becoming more and more common, and perpetrators seem to prefer Gmail for them. According to statistics from security company Barracuda, in a survey of 10,500 organizations, 35% of them received at least one attack email in September 2021 alone.


These decoy attack emails often have no content inside. While it may seem strange to send an almost empty email, they are used for the following purposes:

  • Confirm the recipient’s email address is valid
  • Confirm that the email address is in frequent use
  • Gauge the target’s caution toward unfamiliar emails
  • Check the effectiveness of automated spam detection solutions

Since these emails don’t have any links to phishing websites and don’t have any attachments, they will usually pass phishing detection systems, as they are not considered malicious.


Barracuda stats show that 91% of all these decoy emails are sent from newly created Gmail accounts, while all other email platforms account for only 9%.

Gmail is a very popular service that people readily trust, and it is also considered a service with a high reputation for security. Moreover, Gmail allows easy and fast account creation. Finally, Gmail supports a “confirm read” function, which lets attackers know that the recipient has opened the message even if they don’t reply.

All of this helps the decoy attack email do its job, which is to confirm that the victim’s mailbox is valid and in regular use.
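The traits listed above (almost no content, no links, no attachments, a Gmail sender, a read-confirmation request) can be checked together as a triage heuristic. The following is an added example, not code from Barracuda or the original article. It assumes that "newly created account" is approximated by "sender not previously seen", that "almost empty" means 20 visible characters or fewer, and that the read-confirmation request appears as the standard `Disposition-Notification-To` header; all addresses and messages are constructed.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)
MAX_BODY_CHARS = 20  # assumption: "almost empty" = at most a short greeting

def bait_signals(raw, known_senders=frozenset()):
    """Return which bait-email traits from the article a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    visible, has_link, has_attachment = "", False, False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment" or part.get_filename():
            has_attachment = True
        elif part.get_content_maintype() == "text":
            body = part.get_content()
            has_link = has_link or bool(URL_RE.search(body))
            visible += re.sub(r"<[^>]+>", " ", body)  # crude HTML tag strip
    signals = set()
    if len(visible.strip()) <= MAX_BODY_CHARS:
        signals.add("near_empty_body")
    if not has_link and not has_attachment:
        signals.add("no_links_or_attachments")
    if sender.endswith("@gmail.com"):
        signals.add("gmail_sender")
    if sender not in known_senders:  # stand-in for "newly created account"
        signals.add("unknown_sender")
    if "Disposition-Notification-To" in msg:  # read-receipt request header
        signals.add("read_receipt_requested")
    return signals

CORE = {"near_empty_body", "no_links_or_attachments", "gmail_sender", "unknown_sender"}

def is_likely_bait(raw, known_senders=frozenset()):
    """True when every core trait is present; the read receipt is extra evidence."""
    return CORE <= bait_signals(raw, known_senders)

# Constructed sample messages (not real mail).
BAIT = ("From: Alex <alex.sample@gmail.com>\nTo: user@example.org\nSubject: Hi\n"
        "Disposition-Notification-To: alex.sample@gmail.com\n"
        "Content-Type: text/plain; charset=utf-8\n\n")
PHISH = ("From: Billing <billing.sample@gmail.com>\nTo: user@example.org\n"
         "Subject: Renewal\nContent-Type: text/plain; charset=utf-8\n\n"
         "Your subscription renewed. Review: https://billing.example.invalid/pay\n")

if __name__ == "__main__":
    for name, raw in (("BAIT", BAIT), ("PHISH", PHISH)):
        print(name, is_likely_bait(raw), sorted(bait_signals(raw)))
```

A match is a reason to quarantine or review the message and to avoid sending read confirmations or replies, not proof of malice, since legitimate contacts occasionally send empty messages too.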

What happens if the victim replies to the email?

Barracuda decided to test this by replying to these emails, even though a reply is not necessary to initiate the phishing process.

Within 48 hours, a Barracuda employee received a phishing email about a Norton LifeLock payment. This quick response demonstrates the strong link between blank-looking emails and actual phishing attacks.


Remember, you don’t even have to reply to these emails for an attacker to know whether you’re potential prey. However, if you reply, you will be placed on a priority target list, as people who respond to decoy emails like this are thought to be more easily fooled.

Reference: BleepingComputer


Source: Genk