Baiting is a type of cyber attack that involves the use of a physical object. The hacker places a type of electronic storage media (such as a USB, CD, or external hard drive) near the victim in hopes that they can play off the victim’s curiosity. The victim may be eager to see what’s inside and connects the object to their computer to get a closer look, but this is where the real problem occurs. Once this object is connected, dangerous malware can spread to infect the victim’s computer and steal important personal data that is stored on it. This stolen information can either be used to personally benefit the hacker or be sold for a profit on the Dark Web.
Continue reading below for more information on the different types of Baiting as well as tips for how you can protect yourself.
Top 3 Ways Hackers Bait the Victim
A Provocative Title
Many times the social engineer will label the device with a provocative title that is meant to tempt the victim to view the contents. Common titles may be “2018 employee payroll” or “2018 Executive Bonuses.” The note is created to provoke your curiosity and encourage you to download or open up the contents that are supposedly inside.
No Owner In Sight
The hacker will purposely place the object in view of the victim and make it seem like an easy steal. This gives the victim the impression that they can get away with opening what is inside with little chance of repercussions.
Another way that the hacker is still able to infiltrate is through HR. If the employee finds the suspicious device and believes that its supposed rightful place is in HR, then this can set off a chain reaction if the device is opened up and malware is spread. Data breaches often occur in this way, when someone in an organization opens an unknown device to see what its contents are (or to help identify the rightful owner) only to discover that it carries malware that could endanger the company.
Precautions to Avoid Baiting
1. Do not grab anything that isn’t yours. This might go without saying, but by making sure that you do not accidentally (or on purpose) grab a device that isn’t yours, you are decreasing your chances of getting baited and having your critical personal information exposed.
2. Notify Human Resources. When turning a suspicious device over to HR (or another department in your organization), be a good citizen by reminding them that if they are not familiar with the device it could possibly contain malware.
3. Keep Your Workspace Clean. Keeping your workspace picked up and organized makes it easier to spot an item that does not belong and that may even turn out to be a culprit for destruction.
4. Tell Security. Notify security and your fellow employees of the suspicious device, as there is a high likelihood that additional devices were deposited across the workplace.
How Can iLOCK360 Help?
Did you know that your iLOCK360 membership can help alert you if your personal information may have been bought or sold by hackers online?
iLOCK360’s proprietary CyberAlert can help you monitor your identity 24/7/365 for possible compromise on the Dark Web (i.e. the anonymous online marketplace where illicit activities occur). If your monitored information is found bought or sold online, you will be automatically alerted so that action may be taken to address the issue.
CyberAlert’s available monitored features include: Bank Accounts, Credit/Debit Cards, Email Addresses, Phone Numbers, Medical ID Numbers, Social Security Number, Driver’s License and Passport.
Want to know if your information may have been compromised by a cybercriminal on the Dark Web? Be sure to log into your iLOCK360 account to set up this feature today.