Social Engineering: What is baiting?
What is baiting?
A “lucky winner” gets a free digital audio player. In fact, the device compromises any computer it is plugged into. Not so lucky after all! This is the classic textbook example of baiting in social engineering.
Baiting is the real-world ‘Trojan Horse’: it typically uses physical media and relies on the curiosity or greed of the victim. It is in many ways similar to phishing. What distinguishes baiting from other types of social engineering, however, is the promise of an item or good that attackers use to entice victims. A baiter may, for example, offer users free music or movie downloads if they surrender their login credentials to a certain site.
These attackers are not limited to online schemes; they can also exploit human curiosity through the use of physical media.
How is baiting done?
Let’s take an example, with the end goal of infiltrating a company’s network. The social engineer distributes malware-infected devices to employees, hoping that the hardware will be inserted into network-connected computers and give the malicious code an opportunity to spread. Employees may receive infected flash drives as a reward for participating in a survey. Or the innocent-looking devices may sit in a basket of gifts placed in the company lobby, for employees to simply grab on their way back to their work area. Another possibility is the strategic placement of tainted devices where targeted employees will find them. Marked with intriguing labels like “Confidential” or “Salary Info,” the devices may be too tempting for some workers, who take the bait and insert the infected device into their company computers. And voilà!
What’s the difference between baiting and other social engineering techniques?
What is specific to baiting is that the victim is tempted to take the bait, hence the name. The tempting content could be the promise of a gift or the possibility of some reward. The attacker’s job, therefore, is to build a trap for the victim.
How to secure your system against baiting?
The strongest defence against baiting and any other social engineering scheme is educating yourself and your team. Each of us should aim to build a strong security culture in our surroundings: office, home, and so on. In addition, every individual must consider ‘company security’ an essential part of their own responsibilities. Specifically for baiting, everyone should have open discussions with family, friends and colleagues, and warn them about the dangers of such seemingly small blunders.
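Education is the defence recommended above. As an added example that is not part of the original post, the following Python script shows a complementary technical check a defender can run on workstations: it scans Linux kernel log lines for USB mass-storage devices being attached and flags any whose vendor/product IDs are not on an organisation allowlist. The log lines, the allowlist, the host name `ws-17`, the port numbers and the `abcd:1234` device are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample kernel log lines (not real captures): one approved
# SanDisk stick that is on the allowlist, a mouse receiver (not storage),
# and an unknown stick with a hypothetical vendor/product ID.
SAMPLE_LOG = """\
Mar 12 09:14:02 ws-17 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd
Mar 12 09:14:02 ws-17 kernel: usb 1-1: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar 12 09:14:02 ws-17 kernel: usb-storage 1-1:1.0: USB Mass Storage device detected
Mar 12 09:20:45 ws-17 kernel: usb 1-2: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
Mar 12 09:20:45 ws-17 kernel: input: Logitech USB Receiver as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:046D:C52B.0001/input/input12
Mar 12 11:02:17 ws-17 kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar 12 11:02:17 ws-17 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of (idVendor, idProduct) pairs issued by the organisation.
ALLOWED_DEVICES = {("0781", "5567")}

# Kernel line emitted when any USB device is enumerated on a port.
NEW_DEVICE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: usb (?P<port>[\d.-]+): "
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# Kernel line emitted when the usb-storage driver binds to an interface on that port.
STORAGE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: usb-storage (?P<port>[\d.-]+):\d+\.\d+: "
    r"USB Mass Storage device detected"
)


@dataclass(frozen=True)
class Finding:
    timestamp: str
    host: str
    port: str
    vendor_id: str
    product_id: str
    allowed: bool


def find_mass_storage_insertions(log_text: str, allowlist=ALLOWED_DEVICES):
    """Correlate enumeration lines with usb-storage lines per (host, port)
    and return one Finding per removable-storage attach event."""
    seen = {}  # (host, port) -> (vid, pid) from the most recent enumeration
    findings = []
    for line in log_text.splitlines():
        m = NEW_DEVICE_RE.match(line)
        if m:
            seen[(m["host"], m["port"])] = (m["vid"], m["pid"])
            continue
        m = STORAGE_RE.match(line)
        if m:
            # Unknown IDs if the enumeration line was not seen (e.g. log rotated).
            vid, pid = seen.get((m["host"], m["port"]), ("????", "????"))
            findings.append(
                Finding(m["ts"], m["host"], m["port"], vid, pid, (vid, pid) in allowlist)
            )
    return findings


def unapproved(findings):
    """Only the storage devices that are not on the allowlist, i.e. the alerts."""
    return [f for f in findings if not f.allowed]


if __name__ == "__main__":
    for f in find_mass_storage_insertions(SAMPLE_LOG):
        status = "allowed" if f.allowed else "ALERT: unapproved removable storage"
        print(f"{f.timestamp} {f.host} port {f.port} "
              f"vid={f.vendor_id} pid={f.product_id} -> {status}")
```

Only the usb-storage bind is treated as a storage event; the Logitech receiver is enumerated but never reported, so keyboards and mice do not produce noise. In practice the same logic would be fed from the host’s journal or syslog and the alert forwarded to whoever handles security events, so that a stick picked up in the lobby is noticed the moment it is plugged in, regardless of whether the employee remembered the training.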
There are other tips you can follow to avoid social engineering schemes. Our email security and privacy awareness course provides comprehensive information on this topic, to protect yourself as much as you can against social engineering.
Educating yourself and others is by far the most effective defence against all faces of ‘Social Engineering’.
– Mailfence Team