Cyber security experts have uncovered a cunning scam campaign targeting Gmail users.
Fans of the popular email service, which boasts more than 2 billion users worldwide, are being hit by a two-stage strike known as a “bait attack”.
According to a report from US security company Barracuda Networks, the technique is used to gather information before launching a phishing attack.
“Bait attacks are one technique attackers are using to test out email addresses and see who’s willing to respond,” researchers wrote in the report published Tuesday.
They added that the perpetrators are “working to collect information that will help them improve the odds that their attacks will succeed.”
Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick the victim into revealing sensitive information.
Emails are typically dressed up to appear to be from a company or person that the victim trusts. The attacks are also used to infect devices with malware.
The scam unearthed by Barracuda involves first sending a victim a seemingly innocuous email, such as a blank message with “hi” in the subject line.
That initial contact is able to slip past email spam filters because it doesn’t include any phishing links, malicious attachments or malware.
The goal is to verify the existence of a victim’s email account and the willingness of the victim to respond to messages.
Once initial contact has been made, a second email is sent to the target impersonating a person or company known to them.
One such message spotted by researchers pretended to be sent by Norton LifeLock, an anti-virus software company.
Phishing links sent in the second email may try to get users to hand over their personal information, bank details, or their company logins.
Of 10,500 organisations surveyed by the researchers, over 35 per cent were targeted by at least one bait attack in September 2021.
An average of three distinct mailboxes per company received one of the messages.
As well as Gmail, the attacks are targeting users of other email services such as Yahoo and Hotmail.
To protect against bait attacks, Barracuda recommends deploying artificial intelligence to identify and block them.
The company also suggests training employees to recognise the attacks and to mark them as spam as early as possible.
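The first-stage message described above has a recognisable shape: almost no content, no links, no attachments. The following is an added example, not code from Barracuda's report or from this article, showing a rule-based check for that shape; it is far simpler than the AI-based detection Barracuda recommends, and the `known_senders` set, the three-word threshold and all sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

URL_RE = re.compile(r"https?://|www\.", re.I)

def body_text(msg):
    """Join all text parts and report whether any attachment is present."""
    text, has_attachment = [], False
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_content_disposition() == "attachment":
            has_attachment = True
        elif part.get_content_maintype() == "text":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            text.append(payload.decode(charset, "replace"))
    return " ".join(text), has_attachment

def looks_like_bait(raw, known_senders, max_words=3):
    """True for a near-empty, link-free, attachment-free mail from a new sender."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "")
    body, has_attachment = body_text(msg)
    return (
        sender not in known_senders        # assumption: prior-contact list exists
        and not has_attachment
        and not URL_RE.search(subject + " " + body)
        and len(body.split()) <= max_words     # blank or near-blank body
        and len(subject.split()) <= max_words  # e.g. a subject of just "hi"
    )

# Constructed sample messages (not real traffic).
KNOWN = {"sam@example.com"}
BAIT = "From: Alex <alex.sender@example.net>\nTo: staff@example.com\nSubject: hi\n\n\n"
COLLEAGUE = "From: Sam <sam@example.com>\nTo: staff@example.com\nSubject: hi\n\n\n"
PHISH = ("From: Support <billing@example.org>\nTo: staff@example.com\n"
         "Subject: Your subscription renewal\n\n"
         "Your plan renews today. Review the charge at https://billing.example.org/review\n")

if __name__ == "__main__":
    for name, raw in (("bait", BAIT), ("colleague", COLLEAGUE), ("phish", PHISH)):
        print(name, looks_like_bait(raw, KNOWN))
```

The second-stage message carries a link, so this check does not flag it; it covers only the first stage, which slips past filters that look for links, attachments or malware.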