Social Engineering: What is baiting?
What is baiting?
A “lucky winner” is sent a free digital audio player which in actuality compromises any computer it is plugged to – No so lucky huh !!
Baiting is like the real-world ‘Trojan Horse’ that uses physical media and relies on the curiosity or greed of the victim. It’s in many ways similar to phishing attacks. However, what distinguishes them from other types of social engineering is the promise of an item or good that hackers use to entice victims. Baiters may offer users free music or movie downloads, if they surrender their login credentials to a certain site.
These attacks are not restricted to online schemes. Attackers can also focus on exploiting human curiosity via the use of physical media.
How is Baiting done?
Let’s take an industrial scenario – with the end goal of infiltrating a company’s network, the social engineer may distribute malware-infected flash drives or similar devices to employees, hoping that this hardware will be inserted into network-connected computers as the means to spread malicious code. Infected flash drives may be presented to employees as promotional gifts or as a reward for participating in a survey. Perhaps the innocent-looking devices are in a basket of freebies placed in the company lobby for employees to simply grab on their way back to their work area. Also possible would be the strategic placement of tainted devices for targeted employees to take. When marked with intriguing labels like “Confidential” or “Salary Info,” the devices may be too tempting for some workers. These employees may just take the bait and insert the infected device into their company computers – and Voilà !
How to Secure Your System Against Baiting ?
The strongest defense against baiting and any other social engineering scheme is educating yourself or your team. Each of us should strive to have a strong security culture within our surroundings – office, home etc where every individual must consider ‘company security’ as an integral part of their individual responsibilities. Specifically for baiting, every individual should do open-discussions with his family, friends and colleagues – and make them aware about the dangers of their puny blunders.
Educating yourself and others – is by far the most effective defense you can do against all faces of ‘Social Engineering’.