Just as a fisherman baits the hook in order to catch a fish, baiting in cyber security is very similar. Victims are lured in by something highly attractive in order to entice them into parting with personal information.
The goal is usually to capture confidential sensitive details so the hacker can steal money from an individual, or access a company’s networks and systems.
Types of baiting in cyber security
There are two main types of baiting – offline and online.
Offline baiting
Offline, a cyber-criminal might leave a CD, laptop or USB stick in an open public area to tempt a victim into seeing what’s on it.
Media left in everyday public places, may be engineered to install malware that leads to personal and financial information being exposed to hackers.
When criminals are targeting big companies, the reception area of the company they are targeting is a great spot to leave it. But clever criminals go even further. They get past reception and leave media in offices, lunchrooms or company toilets. The media is branded with the company logo so it looks safe.
When the victim opens files on the media, they see files and folders with relevant business terms that relate to their business or industry. Often these files play on victim’s greed and temptation. Files might be named ‘Profit and Loss Projection’ or ‘HR Information – Confidential’.
Each file and folder will be engineered to install malicious software. If the victim is on a network at that time, the infection can spread throughout the network. Criminals can then encrypt the entire network and demand a ransom.
Online baiting
Online, baiters may send emails or messages offering free music or movie downloads if the victim shares personal information such as login data and passwords.
It might be a social media post promising someone a free gift in return for completing a survey, for example. However, some companies legitimately use techniques like this in their advertising campaigns, which makes it harder to judge legitimacy.
When there is a big game on, the criminal might create a malicious website that is ‘livestreaming’ the game for free.
If a popular TV series or movie is no longer on Netflix, a malicious website with a tempting download link. As soon as the victim opens it, the hacker is in.
How to protect yourself from baiting
Scammers who use baiting in cyber security play on emotions like curiosity, greed and fear.
In the offline world, it’s pretty simple. Don’t open any files on media you find. If you find one either give it to an IT security professional to check or get rid of it.
If you do, make sure your security software is up to date and scan all files on the media before opening them.
Online, it’s a bit harder. Some good rules of thumb are:
- Read it, think about it properly, and act slowly
- If it sounds too good to be true… it usually is
- Think twice before entering personal information; especially anything relating to money
Is your cyber security up to scratch?
Most small businesses do not have enough
cyber security layers in place to fully protect their business. Are you doing enough?
Contact us for a confidential chat about your personal or business circumstances and we can advise you on what protection you need. Or we can take care of everything so you have total peace of mind with our
Small Business Cyber Security Support Package.