Baiting in cyber security is similar to phishing in many ways; it is a simple but effective type of social engineering attack. Baiting attacks use something that piques a victim’s interest or curiosity to lure them into a trap, with the aim of tricking them into giving up sensitive personal data, such as login credentials, or of corrupting their systems with malware. Attackers can use digital forms, like free content downloads on a site, or physical forms, like a USB drive.
An example of baiting would be using physical devices to spread malware. The scammers would leave physical devices like malware-laden USB drives or other infected physical media in public areas like the reception, restrooms, desks, or corridors of the targeted organisation.
The planted devices often carry personalised stickers or company logos to give them a trustworthy appearance. The attack succeeds if one or more staff members pick up the infected device and plug it into their computer.
Additionally, hackers may load the planted devices with files and folders that are carefully named to entice victims into opening them. These files can be called something suggestive or enticing like “XXX Information – CONFIDENTIAL”, which can tempt employees to open them. After a malicious file is opened and downloaded into an employee’s system, it can spread laterally through the internal network, resulting in damaging data breaches and cyberattacks.
Apart from the physical form, there is also digital baiting. Here scammers use a digital lure instead of a physical device, such as a malicious website with a fake download link that claims to let victims download all the latest releases for “FREE”.
Security awareness training
Providing staff training workshops can prevent both physical and online baiting attacks. Employees learn how prevalent baiting is and which baiting risks are emerging. In addition, staff members are taught to detect social engineering attempts, which increases their awareness of baiting in cyber security.
Swiftcomm can offer security awareness training, such as seminars and workshops, to give your employees hands-on experience in dealing with various cyber-attacks. When employees understand the risks of opening unwanted attachments and links, they will always be alert and suspicious of baiting, and their awareness of cybercrime in general will rise. Swiftcomm can also improve the workplace’s cyber hygiene by providing a real-time training program.