What is a Baiting Attack?

by

What is baiting? It is one of the simplest social engineering techniques since all that it involves is an external storage device. An attacker will leave a malware-infected external storage device in a place where other people can easily find it.

It could be in the washroom of an organization, in the elevator, at the reception desk, on the pavement, or even in the parking lot. Greedy or curious users in an organization will then retrieve the object and hurriedly plug it into their machines. Attackers are normally crafty and will leave files in the flash drive that a victim will be tempted to open.

 

How to stop a baiting attack:

Slow down and control your emotions

Remember the attacker is trying to manipulate your emotions into making a quick reaction. The more time you take to think about the situation the more likely you’ll start to realize something’s up.

We might be animals when it comes to our emotions, but we’re also brilliant. By slowing down, our rational brain allows us to overcome our feelings.

 

Think about what you’re reading, seeing, and hearing

The more time you give yourself for rational thought, the better off you are when it comes to seeing through the attacker’s ruse.

Look for things like strange word choices or misspellings. Look for visual clues like off-brand graphics (if it comes from someplace like your bank or a store you frequent).

You’re more astute than you might give yourself credit for. If something seems off, it probably is.

 

Check to see who sent the message

Email masking is incredibly prominent in today’s world. Most email clients format the sender address so that it’s easier to discern who it’s from. The problem is attackers leverage this.

If you’ve got the feeling the message you’re reading isn’t on the level check to see who sent it. If the name is familiar, but the email address isn’t there’s a good chance you’re experiencing a social engineering attack.

 

Don’t follow blind links

Links are easy to hide, just like email addresses. If you can’t discern where a web-link is going to send you don’t click on it.

Always make sure to hover or right-click on an email link (whatever your email client is set up for) to see where it might send you.

 

Be Wary of attachments

If you’ve gone through the steps mentioned above, you probably know what I’m going to say here. Don’t download attachments from people you don’t know.

Sometimes it’s a bad idea to download attachments from people that you do. Be on the lookout for e-mail attachments that appear to be Microsoft Word or Excel files. They might contain pretty nasty surprises.

Interested in learning more or exploring your business cybersecurity position? Schedule a free consultation with Integris today.

Carl Keyser is the Content Manager at Integris.

Keep reading

What Can Cybersecurity Awareness Training Do for My Company?

What Can Cybersecurity Awareness Training Do for My Company?

Global spending on employee cybersecurity awareness training is predicted to exceed $10 billion USD by 2027, up from around $5.6 billion USD in 2023, according to the latest estimates from Cybersecurity Ventures. Why? Because more companies than ever are realizing...

Four Social Engineering Hacks You Need to Prevent in 2024

Four Social Engineering Hacks You Need to Prevent in 2024

The Anti-Phishing Working Group (APWG) reports over 963,000 unique phishing sites worldwide were detected in the first quarter of 2024, collectively sending out billions of spam emails a day. Is this number scary? You bet. But it's the growing sophistication of these...

Updating Your Bank’s Security Training for the Age of AI

Updating Your Bank’s Security Training for the Age of AI

How much could AI-driven models like Copilot for M365, Google Gemini, or Apple Intelligence improve the productivity at your bank? The jury is still out on that one, but initial experiments place the overall AI-driven productivity gains for the US economy at between 8...