Online security company Barracuda reports that 35% of organizations were targets of at least one baiting attack during September 2021, with the vast majority coming from newly created Gmail accounts.
Most bait attacks are blank emails, as their purpose is just to verify that the targeted email account is active and receptive to cyberthreats.
If the target opens the bait, they’ll likely receive a phishing threat in the near future. Worse yet, if they write back, then the subsequent phishing attack is a near certainty.
Barracuda’s security experts dived deep. They replied to one of the baits, and in less than 48 hours the phishing threat came. Ironically, the perpetrators pretended to be Norton Lifelock, one of the best ID theft protection solutions on the market.
Cybercriminals take full advantage of the Gmail “read receipt” functionality, which notifies the sender when their email is opened. Furthermore, many recipients perceive Gmail as one of the most secure email hosting services, which makes them less cautious when going through their inbox.
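The traits described above (a Gmail sender, a blank message, a read-receipt request) can be checked on the receiving side. The following is an added example, not Barracuda's detection logic: it assumes the receipt request appears as the standard `Disposition-Notification-To` header, uses a caller-supplied `known_senders` set as a stand-in for "newly created account" (account age is not visible to the recipient), and runs on constructed sample messages.

```python
import email
import re
from email import policy
from email.utils import parseaddr

FREEMAIL = {"gmail.com"}  # the article names Gmail; any other entries are a local choice

# Constructed sample messages, not real traffic.
BAIT = ("From: alex.r1993@gmail.com\nTo: user@example.com\nSubject: hi\n"
        "Disposition-Notification-To: alex.r1993@gmail.com\n\n")
NORMAL = ("From: colleague@example.com\nTo: user@example.com\n"
          "Subject: Q3 report\n\nDraft attached, comments welcome.\n")

def visible_text(msg):
    """Concatenate all non-attachment text parts, drop HTML tags and whitespace."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text" and not part.is_attachment():
            chunks.append(part.get_content())
    return re.sub(r"<[^>]+>", "", "".join(chunks)).strip()

def bait_signals(raw, known_senders):
    """Return the bait-attack traits present in one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    signals = []
    if sender.rpartition("@")[2] in FREEMAIL:
        signals.append("freemail_sender")
    if sender not in known_senders:  # assumption: proxy for a newly created account
        signals.append("first_time_sender")
    if not visible_text(msg):
        signals.append("empty_body")
    if msg.get("Disposition-Notification-To"):  # read-receipt request header
        signals.append("read_receipt_requested")
    return signals

def is_probable_bait(raw, known_senders):
    """Flag only the combination: unknown freemail sender with nothing to read."""
    found = set(bait_signals(raw, known_senders))
    return {"freemail_sender", "first_time_sender", "empty_body"} <= found

if __name__ == "__main__":
    known = {"colleague@example.com"}
    for name, raw in (("BAIT", BAIT), ("NORMAL", NORMAL)):
        print(name, bait_signals(raw, known), is_probable_bait(raw, known))
```

A flagged message is one to report and leave unanswered, since a reply makes the follow-up phishing attempt a near certainty.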
Phishing Is Not Email-Exclusive
Although most phishing threats come via email, cybercriminals don’t shy away from other means.
Dr. Alan Rea warns that chat messages are becoming alarmingly popular for social engineering strikes. “You’ll get them on whatever social networking site you’re on, so I just tell people don’t click on the links even though it’s convenient,” says the cybersecurity expert.
In 2020 alone, the FBI recorded more than 240,000 phishing attacks, and the latest reports suggest that the pandemic-induced surge is not dying down.
What can people do to protect themselves from these attacks?
Beyond being cautious about the emails they open and the links they click on, internet users can turn to plenty of services that help them stay safe. Chief among them are identity-theft protection programs, password managers, VPNs, and even personal data removal services like DeleteMe.