Social Engineering: What is baiting?
What is baiting?
A “lucky winner” gets a free digital audio player. In fact this offer compromises any computer it is plugged to – No so lucky huh !! This is a classical definition example of baiting social engineering.
Baiting is like the real-world ‘Trojan Horse’. Therefore it uses physical media and relies on the curiosity or greed of the victim. It’s in many ways similar to phishing attacks. However, what distinguishes them from other types of social engineering is the promise of an item or good that hackers use to entice victims. Baiting person may offer users free music or movie downloads, if they surrender their login credentials to a certain site.
Online schemes do not restrict these attackers. Attackers can also focus on exploiting human curiosity via the use of physical media.
How is Baiting done?
Let’s take an example – with the end goal of infiltrating a company’s network. The social engineer distributes malware-infected devices to employees. As a result they hope that this hardware will be inserted into network-connected computers. Consequently this will give an opportunity to spread malicious code. Infected flash drives are presented to employees as a reward for participating in a survey. For instance, the innocent-looking devices are in a basket of gifts placed in the company lobby for employees to simply grab on their way back to their work area. Another possibility is the strategic placement of tainted devices for targeted employees to take. When marked with intriguing labels like “Confidential” or “Salary Info,” the devices may be too tempting for some workers. These employees may just take the bait and insert the infected device into their company computers – and Voila !
How to Secure Your System Against baiting social engineering ?
The strongest defense against baiting and any other social engineering scheme is educating yourself or your team. Each of us should aim to have a strong security culture within our surroundings – office, home etc. In addition every individual must consider ‘company security’ as an essential part of their individual responsibilities. Specifically for baiting, every individual should do open-discussions with his family, friends and colleagues – and warn them about the dangers of their puny blunders.
Educating yourself and others – is by far the most effective defense you can do against all faces of ‘Social Engineering’.
– Mailfence Team