Bait attacks (also known as reconnaissance attacks) are a class of threats utilized by malicious actors looking to gather information from potential victims. The goal of bait attacks is to confirm the existence of a victim’s email account, if the message is not returned as undeliverable, or to engage in a conversation with the intent to collect information for future attacks. The initial messages are often very short or completely empty. Because these emails have very little content and are often sent from reputable email services, it is difficult for conventional phishing detectors to defend against them.
If the past year has shown us anything, it’s that anyone is susceptible to bait attacks, just as they are to other email threats. In a previous report, Barracuda found that the average organization is targeted through 700 or more social engineering attacks each year. These kinds of attacks are only becoming more targeted and personalized, making them increasingly difficult to detect.
To defend against these kinds of attacks, security teams should implement AI detection methods. They should also train their users to recognize and report bait attacks to their IT and security teams, displaying real examples in security awareness training and attack-simulation campaigns to better prepare employees to identify and respond appropriately.
Most importantly, security teams should not let bait attacks sit inside users’ inboxes. Once a bait attack is identified, it is critical to remove it immediately, before the message can be opened or given a response. This will help to prevent any further activity from the threat and lessen the odds of becoming a target.
Researchers from Barracuda analyzed bait attack patterns in September 2021 from 10,500 organizations.
Read the full report by Barracuda.
VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact.
Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
- up-to-date information on the subjects of interest to you
- our newsletters
- gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
- networking features, and more