Scammers are increasingly using Gmail for baiting attacks, to steal user data.These attacks sometimes come with payloads or embedded links in emails, while some attackers might include questions that might have a higher chance of receiving a response.
A report by Baracudda found that 35% of the 10,500 organizations they surveyed received bait attack emails in just one month of September this year.
Barracuda’s research depicts that 91% of these emails are sent from newly-created Gmail accounts, primarily because most people consider Gmail to be more legitimate and secure. Email security solutions also treat Google’s email service as highly reputed. The platform allows users to create pseudonymous accounts without much of a hassle.
Moreover, attackers use Gmail to launch their baits because the platform supports the “read recipient” function, telling them that their email was opened, if not responded to.
It is recommended that users delete any emails that seem like phishing attacks, and not open themselves up to potential exploitation by viewing these emails.
According to Bleeping Computer, threat attackers aim to ensure that the recipient’s email is valid, actively used, susceptible to these kinds of unsolicited emails, and not effective in detecting spam. Many of these emails don’t contain any links or attachments and are thus not seen as malicious and easily pass through phishing defense systems.