Baiting

Dragon… I have heard about a thing called baiting, and because I misunderstood phishing before I asked you I wanted to see if you could describe it to me?


Hi Puff, absolutely, I can try to explain it to you.


Thanks!


Baiting is another form of social engineering that uses human curiosity.


In what way?


Baiting can be carried out in different ways. It can be done by mail, and then it is essentially phishing: a mail that says you have won something and asks you to click the link.


But, wait… why is it called baiting and not phishing then?


If you wait a second and let me finish. Baiting can also be done by dropping a USB and hoping someone will pick it up and plug it into their computer.


The difference between baiting and phishing is that when using phishing you often want your victim to give you the information, while when baiting, you just want to infect the computer; therefore just one click or one USB will do the trick.


Do you have more examples of bait?


It could be an offer for a free movie download, a discount coupon, or, as I already said, a USB drive left in a public place.


Ahh...


What happens if you take the bait then? You mentioned that the goal is to infect the computer.


Yes, when the bait is taken the malware is activated. This will allow the attacker to gain unauthorized access to your system.


Is there any way to protect myself against taking the bait?


Yes, I know I have said it before but it applies here too. Think before you click. If it sounds too good to be true, it probably is. Also, never plug in a USB, put in a CD or attach anything to your phone or computer if you are not 100% certain of its origin.


Thanks for the help!