BAITING – Exploiting Human Curiosity

Baiting is a tactic that leverages powerful social influence principles to lure people into traps, both online and in the physical world.

Baits are very attractive and enticing, not to mention manipulative, and their end goal is to infect your system and gain access to personal information. Baiting resembles phishing, but it differs from most social engineering attacks in one respect: it offers the target something free that's relevant to them.

Most Common Baiting Techniques

Tempting Offers

Victims receive tempting offers of free downloadable content via ads, email, or social media. The attackers offer free music, movie downloads, a free digital audio player, or any other downloadable content.

Malware-infected Device

Attackers can send innocent-looking devices to employees as a reward placed in gift baskets. They can also pretend to be from technical support and instruct employees to insert tainted devices into their work computers. Once these devices are inserted into company computers, malware is installed automatically and infects the company’s network.

Who is most likely to be targeted by baiting?

·People who are curious by nature
·Those who are gullible
·Those looking for a quick fix and easy solution
·Children and teenagers are most likely to take the bait without thinking about the consequences

Techniques to Prevent Baiting

·Utilize impersonation protection to block malicious actors from outside your organization who are attempting to impersonate employees.
·Educate employees and protect them from taking harmful actions when they encounter online baiting attacks like spear phishing and whaling.
·Disable USB ports on production machines. Alternatively, disable the autorun feature, which allows Windows to automatically launch programs from media devices.
·If something looks or sounds too good to be true, it probably is. Search on Google before you take the bait. Google it!
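
One way to check and apply the USB and autorun mitigations from the list above on a Windows machine, as an added example that is not part of the original article. The function name `Test-BaitingHardening` and its `-Enforce` switch are made up for illustration, and the script blocks USB mass storage through the `USBSTOR` driver setting rather than switching off the ports themselves.

```powershell
# Added example: audit and (optionally) enforce the USB/AutoRun mitigations.
# Run from an elevated PowerShell prompt. The registry values are standard
# Windows settings; the function name and -Enforce switch are hypothetical.
function Test-BaitingHardening {
    param([switch]$Enforce)

    $checks = @(
        @{  # AutoRun off for every drive type (0xFF = all drive-type bits set)
            Name  = 'AutoRun disabled on all drive types'
            Path  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
            Value = 'NoDriveTypeAutoRun'
            Want  = 0xFF
        },
        @{  # USB mass-storage driver disabled (Start = 4); keyboards and mice still work
            Name  = 'USB mass-storage driver disabled'
            Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
            Value = 'Start'
            Want  = 4
        }
    )

    foreach ($c in $checks) {
        # Read the current value; $null means the value (or key) does not exist
        $current = (Get-ItemProperty -Path $c.Path -Name $c.Value -ErrorAction SilentlyContinue).($c.Value)
        $ok = ($current -eq $c.Want)

        if (-not $ok -and $Enforce) {
            if (-not (Test-Path $c.Path)) { New-Item -Path $c.Path -Force | Out-Null }
            Set-ItemProperty -Path $c.Path -Name $c.Value -Value $c.Want -Type DWord
            $current = $c.Want
            $ok = $true
        }

        [pscustomobject]@{
            Check     = $c.Name
            Current   = if ($null -eq $current) { '(not set)' } else { $current }
            Expected  = $c.Want
            Compliant = $ok
        }
    }
}

Test-BaitingHardening            # report only
# Test-BaitingHardening -Enforce # apply the settings, then report
```

In a managed fleet, these settings are normally pushed through Group Policy rather than set per machine.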