Baiting
Baiting is a social engineering tactic where the attacker uses a promise or reward to lure the victim into sharing personal or confidential information.
- Example: the attacker often leaves a USB drive in a conspicuous location to tempt someone to connect it to their computer.
- The USB drive typically contains either malware designed to autorun or an intriguing document with macros.
- Autorun-enabled malware is less effective on newer operating systems that disable autorun capability, so the intriguing-document approach is much more common.
- The attacker gives the file a name like “executive bonuses” or “staff layoff plans”.
- Once opened, the file contains macro code designed to exploit the computer.
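
A defender can triage files from a found drive without opening them in Office. The sketch below is an added example, not part of the original notes: it flags bait-style names, an autorun file, and documents that carry a macro project. The `triage` and `make_ooxml` helpers, the keyword watchlist and the sample files are all constructed for illustration.

```python
import io
import zipfile

# Assumption: modern Office files (.docm, .xlsm, ...) are ZIP archives, and
# embedded VBA macros are stored in a part named vbaProject.bin.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
BAIT_WORDS = ("bonus", "layoff", "salary", "confidential")  # hypothetical watchlist


def triage(name: str, data: bytes) -> list[str]:
    """Return the reasons a file from removable media deserves a closer look."""
    reasons = []
    lowered = name.lower()
    if any(word in lowered for word in BAIT_WORDS):
        reasons.append("bait-style filename")
    if lowered == "autorun.inf":
        reasons.append("autorun configuration file")
    if data.startswith(OLE2_MAGIC):
        # The legacy binary format can hold macros; inspect it in a sandbox.
        reasons.append("legacy OLE2 document (may carry macros)")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            parts = [part.lower() for part in archive.namelist()]
        if any(part.endswith("vbaproject.bin") for part in parts):
            reasons.append("contains VBA macro project")
    return reasons


def make_ooxml(with_macros: bool) -> bytes:
    """Build a constructed, content-free OOXML-shaped archive for the demo."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("[Content_Types].xml", "<Types/>")
        archive.writestr("word/document.xml", "<document/>")
        if with_macros:
            archive.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    return buffer.getvalue()


# Constructed sample "drive" contents; none of these hold real macro code.
SAMPLES = {
    "Executive Bonuses.docm": make_ooxml(with_macros=True),
    "meeting notes.docx": make_ooxml(with_macros=False),
    "autorun.inf": b"[autorun]\n",
}

if __name__ == "__main__":
    for filename, content in SAMPLES.items():
        print(filename, "->", triage(filename, content) or "no findings")
```

The check only reads the archive's part names, so the document's macro code is never executed during triage.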