Baiting: a popular form of social engineering to beware of

It is important to stay up to date on recent cyber scams and the tactics hackers use to access accounts and personal information. One important form of social engineering to beware of is baiting. In baiting, the attacker uses physical media and relies on the curiosity or greed of the victim. The attacker leaves a malware-infected disc, USB flash drive or other portable media in a strategic location frequented by many (bathroom, elevator, sidewalk, parking lot, etc.), gives it a legitimate appearance and an intriguing label, and waits for the victim to use the device.

All it takes is a little curiosity, or a well-meaning attempt to find the media’s owner, and you have malware. This attack makes even the smartest individuals vulnerable because we are all familiar with the feeling of losing something valuable and getting it back thanks to the good nature of a random individual. What a relief it was to have found that USB drive containing all your work, and while your media didn’t infect its finder, that doesn’t mean the media you find won’t infect you. Do not under any circumstance insert unknown media into any of your devices.

What should you do if you find the bait?

  • If you find an unattended media device, immediately bring it to your company’s security department. Do not insert the media into any of your personal or professional devices.
  • As a best practice, scan all external media, even known devices, for viruses before use.