ELI5: What is Baiting?

Someone leaves a shiny USB drive labeled “Free Games” in the hallway hoping you’ll plug it into your computer. Once you do, bad software sneaks onto your machine. The “free gift” was the trap all along.

Definition

Baiting is a social engineering attack in which the attacker entices a victim with something desirable—such as a free USB drive, a pirated software download, or a prize—to get them to perform an action that compromises security. The “bait” typically contains malware or leads the victim to a malicious site. Unlike phishing, baiting often relies on physical items or curiosity rather than deceptive communication.

Key Details

  • USB drop attacks: Malware-laden USB drives left in parking lots or common areas; curious employees plug them in.
  • Free software: Pirated applications or games bundled with trojans or spyware.
  • Exploits human curiosity and the appeal of “something for nothing.”
  • Awareness training should specifically address USB hygiene—never plug in unknown devices.
  • Physical baiting attacks (USB drops) can bypass perimeter security entirely.
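Since the USB drop is the classic baiting vector, one host-side control that complements awareness training is to watch kernel logs for removable mass-storage devices that are not corporate-issued. The Python below is an added example, not code from the original page: it parses constructed dmesg-style lines (not captured from any real host) and treats the `ALLOWED_IDS` allowlist as a hypothetical placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample dmesg lines in the kernel's usual format (not from a real host).
SAMPLE_DMESG = """\
[  812.253810] usb 1-2: New USB device found, idVendor=0781, idProduct=5567, bcdDevice= 1.00
[  812.253815] usb 1-2: Product: Cruzer Blade
[  812.253818] usb 1-2: Manufacturer: SanDisk
[  812.255001] usb-storage 1-2:1.0: USB Mass Storage device detected
[  813.281110] sd 6:0:0:0: [sdb] Attached SCSI removable disk
[  900.001000] usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
[  900.001500] usb 1-3: Product: USB Keyboard
[  900.001800] usb 1-3: Manufacturer: Logitech
[  900.010000] input: Logitech USB Keyboard as /devices/pci0000:00/0000:00:14.0/usb1/1-3/1-3:1.0/input/input12
"""

# Hypothetical allowlist of corporate-issued (idVendor, idProduct) pairs.
ALLOWED_IDS = {("0951", "1666")}

NEW_DEV = re.compile(r"usb (?P<port>[\d.-]+): New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
ATTR = re.compile(r"usb (?P<port>[\d.-]+): (?P<key>Product|Manufacturer): (?P<val>.+)")
STORAGE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")

@dataclass
class UsbDevice:
    port: str
    vid: str
    pid: str
    product: str = ""
    manufacturer: str = ""

def find_unapproved_storage(log_text: str, allowed=ALLOWED_IDS) -> list:
    """Return mass-storage devices attached in log_text whose ids are not allowlisted."""
    devices = {}   # USB port -> UsbDevice seen so far
    alerts = []
    for line in log_text.splitlines():
        if m := NEW_DEV.search(line):
            devices[m["port"]] = UsbDevice(m["port"], m["vid"], m["pid"])
        elif (m := ATTR.search(line)) and m["port"] in devices:
            setattr(devices[m["port"]], m["key"].lower(), m["val"].strip())
        elif (m := STORAGE.search(line)) and m["port"] in devices:
            dev = devices[m["port"]]   # only mass storage triggers an alert; a keyboard on 1-3 does not
            if (dev.vid, dev.pid) not in allowed:
                alerts.append(dev)
    return alerts

if __name__ == "__main__":
    for dev in find_unapproved_storage(SAMPLE_DMESG):
        print(f"ALERT: unapproved mass storage on port {dev.port}: {dev.manufacturer} {dev.product} ({dev.vid}:{dev.pid})")
```

Feeding live `dmesg -w` output through the same function turns this into a simple USB-insertion monitor; an allowlist miss is the signal to ask who plugged in the device and why.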

Connections