Reconnaissance attacks, also known as bait attacks, are when cybercriminals send emails with non-malicious content to targets as a precursor to a phishing scam.
A scammer will send an initial “bait email” to their target that is often short, or even completely empty. These emails are intentionally void of any malicious links or attachments in order to bypass a server’s standard security flags for anomalous or suspicious content.
The email in a reconnaissance attack will usually be sent from reputable email servers (Gmail, Hotmail, Yahoo). A good scammer will only send a few emails out at a time. With no untrustworthy context so far as the server goes and the low-frequency sending tactic, the scammers dispatches are able to avoid spam filters and other bulk-related mailing detection, successfully landing in a target’s inbox.
The goal of the bait email is to verify a target’s email address (which is accomplished if no “undeliverable notice” is received) and – most importantly – to test the recipient’s willingness to respond.
How the attack works:
If the receiver takes the bait and responds to the email, the scammer try to engage the target in a conversation that could lead to leaked credentials, malicious money transfers, or the target downloading malware by clicking on a bad link.
A typical example is the Barracuda Networks experiment, in which an employee received a bait email that read “HI” in the subject line with no text in the body of the email. The employee replied “Hi, how may I help you?” and within forty-eight hours, they received a targeted phishing attack impersonating Norton Lifelock.
Reconnaissance Attacks on the Rise
Because bait emails are innocuous offering no obvious red flags, they are more likely to engage a response from a curious or trusting recipient, and less likely to be blocked by legacy anti-phishing tools. This has made them an increasingly effective online scam tactic. A recent report from Barracuda Networks found that thirty-five percent of the 10,500 organizations in their sample had faced at least one bait attack in September 2021. The study also found that the emails are becoming more targeted, personalized, and difficult to detect.
Since reconnaissance attacks can dodge traditional filtering security, deploying AI-based protection is a key method in fighting the threat. That said, the best way to stop reconnaissance attacks is through better cyberhygiene, both in the workplace and at home.
If you receive a reconnaissance-style email, do not respond and delete it immediately from your inbox.
Takeaways:
Reconnaissance attacks are phishing scams that involve an attacker testing email addresses to find targets who are willing to respond.
Never respond to emails that seem like they may have been sent in error, or which have no text in the body of the email.