Gmail users have been cautioned about a new phishing scam campaign known as “bait attack,” which is now targeting anyone who use Google’s email account.
Gmail users are being warned about a new phishing scam
As a result, according to The Sun, billions of Gmail users are vulnerable to the two-stage strike phishing scam.
It comes as Barracuda Networks, a security firm based in the United States, discovered a new phishing scam approach that has grown in popularity among cyber attackers.
According to one of the security firm’s researchers, more than 35% of the 10,500 firms that participated in their survey had encountered a “bait attack” at least once as of September.
It is also worth mentioning that the attackers are not only targeting customers of Google’s email service.
Indeed, the security firm that discovered the “bait assault” fraud warned that escalating attacks include Yahoo and Microsoft’s Hotmail.
Gmail and ‘Bait Attack’
According to a survey by Bleeping Computer, there is a massive increase in online bait assaults, which are largely transmitted through Gmail accounts.
According to Barracuda research, over 90% of bait attacks are carried out by creating a new Gmail account.
As a result, only 9% of threat actors use alternative email clients, including Yahoo.
Meanwhile, Barracuda discovered that “bait attack” scammers sometimes pose as anti-virus software companies, such as LifeLock and Norton.
‘Bait Attack,’ a new phishing scam: How Does It Work?
With that out of the way, here’s how the new phishing scam targets and attacks its victims.
As previously said, “bait attacks” are a two-step strike attack, which implies that the scammers will first obtain information from their victim before launching the actual attack.
In most cases, “bait attackers” begin by sending an empty email with the subject line “Hi.”
The attackers send these seemingly worthless emails to gather essential information for the attack, such as the activeness of the email and the target’s vulnerability to open such messages.
Furthermore, by simply sending an empty email, the attackers might learn more about the user’s auto-spam settings.
The attackers will then send the phishing email pretending to be a security firm in order to deceive their target.
Barracuda advised that artificial intelligence be used to combat the spread of the latest phishing scheme.