What is Baiting?

Baiting attacks use something to pique a victim’s interest or curiosity with the overall intention of luring a victim into a trap to steal personal information or corrupt systems with malware.

The bait is designed to entice the victim into taking an action they would not ordinarily take, and it relies on blindsiding someone who, in the regular day-to-day of their role, would usually be more aware of the risks they face.

One example of baiting is using physical media to spread malware. The attacker leaves the bait, such as a USB stick, where a victim is likely to find it (the car park, an elevator or another area of the targeted company). It may carry a label that makes it look authentic, such as "company payroll list". The target then inserts it into a work or home computer, resulting in automatic malware installation on the system. Once the attack is underway it can follow a number of routes, such as exfiltrating data and making it public to damage the organisation, or using the same foothold to demand a ransom from the organisation.
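The physical-media scenario above leaves a trace that defenders can look for: an unexpected removable-storage device attaching to a workstation. The following script is an added example, not part of the original article; it correlates Linux kernel log lines for a USB device enumeration with the matching `usb-storage` attach event and flags any mass-storage device whose vendor/product ID is not on a (hypothetical) allowlist of company-issued drives. The log lines, host name `ws-17` and the allowlisted ID pair are all constructed for the example.

```python
import re

# Constructed sample kernel log lines (syslog style); not taken from any real host.
# Port 1-1.3: an unknown flash drive, 1-1.4: a keyboard/mouse receiver (not storage),
# 1-1.2: an allowlisted company-issued drive.
SAMPLE_LOG = """\
Mar 12 09:14:02 ws-17 kernel: usb 1-1.3: new high-speed USB device number 5 using xhci_hcd
Mar 12 09:14:02 ws-17 kernel: usb 1-1.3: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
Mar 12 09:14:02 ws-17 kernel: usb 1-1.3: Product: Cruzer Blade
Mar 12 09:14:03 ws-17 kernel: usb-storage 1-1.3:1.0: USB Mass Storage device detected
Mar 12 09:14:04 ws-17 kernel: sd 6:0:0:0: [sdb] Attached SCSI removable disk
Mar 12 09:20:11 ws-17 kernel: usb 1-1.4: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
Mar 12 09:20:11 ws-17 kernel: input: Logitech USB Receiver as /devices/pci0000:00/usb1/1-1/1-1.4
Mar 12 09:31:40 ws-17 kernel: usb 1-1.2: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
Mar 12 09:31:41 ws-17 kernel: usb-storage 1-1.2:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of (idVendor, idProduct) pairs for company-issued drives.
ALLOWLIST = {("0951", "1666")}

# syslog prefix: timestamp, host, then the kernel message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<msg>.*)$"
)
# device enumeration: gives us the vendor/product IDs for a USB port path
NEW_DEV_RE = re.compile(
    r"^usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
# the storage driver binding to an interface on that same port path
STORAGE_RE = re.compile(
    r"^usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected"
)


def find_unapproved_storage(log_text, allowlist=ALLOWLIST):
    """Return one finding per USB mass-storage attach whose (vid, pid) is not allowlisted."""
    seen = {}       # port path -> (vid, pid) from the most recent enumeration line
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                      # not a kernel line in the expected format
        msg = m.group("msg")
        nd = NEW_DEV_RE.match(msg)
        if nd:
            seen[nd.group("port")] = (nd.group("vid"), nd.group("pid"))
            continue
        st = STORAGE_RE.match(msg)
        if st:
            port = st.group("port")
            # If enumeration was missed (log rotation, truncation) still report it.
            vid, pid = seen.get(port, ("????", "????"))
            if (vid, pid) not in allowlist:
                findings.append({
                    "time": m.group("ts"), "host": m.group("host"),
                    "port": port, "vid": vid, "pid": pid,
                })
    return findings


if __name__ == "__main__":
    for f in find_unapproved_storage(SAMPLE_LOG):
        print(f"{f['time']} {f['host']}: unapproved USB storage "
              f"{f['vid']}:{f['pid']} on port {f['port']}")
```

Run against the sample, the script reports only the unknown drive on port 1-1.3; the wireless receiver never binds `usb-storage` and the allowlisted drive is skipped. The vendor/product IDs a device reports are not authenticated, so this is a detection and inventory aid rather than a hard control; blocking unapproved mass storage at the endpoint and disabling automatic execution from removable media are the corresponding preventive settings.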

In addition to physical baiting there is online baiting. This method may consist of enticing adverts on the internet that look and feel legitimate to the audience and are highly relevant to the role or company they work for. Clicking the advert loads a malicious site that encourages the user to download an infected application. The user does not know this at the time, and the incident only surfaces once the user or someone else within the targeted business notices the problem.

Both physical and online baiting can be prevented by delivering staff training and communications focused on these risks.
