If one or more employees in an organization receive an unsolicited blank email, this may mean that the company will soon be targeted in a business email compromise (BEC) scam campaign, Agari researchers warn.
The company has been tracking various BEC scam groups and discovered that these threat actors often send out blank emails as a way of validating potential targets. If the email address is not valid, the attackers will receive a bounce notification. The absence of such a message usually means that the email was delivered successfully and that the address can be targeted in upcoming scam campaigns. The blank emails are usually sent outside of business hours when they are least likely to be noticed.
Read more: Unsolicited Blank Emails Could Portend BEC Attacks