A social engineering attack that lures victims with something enticing — a free download, a USB drive left in a parking lot, or a too-good-to-be-true offer — to trick them into compromising their security.
Baiting exploits human curiosity and greed. The attacker offers something attractive — free software, music, movies, or even physical items like USB drives — that contains hidden malware or leads to credential-harvesting websites.
Physical baiting involves leaving infected USB drives, CDs, or devices in places where targets will find them: parking lots, lobbies, break rooms, or conference venues. The natural curiosity to plug in the device and see its contents does the rest.
Digital baiting uses fake download sites, free software offers, pirated content, or exclusive deals as lures. Once the victim downloads the bait, malware is installed that can steal data, encrypt files for ransom, or provide remote access to the attacker.
In a 2016 experiment, researchers dropped 297 USB drives across a university campus. Nearly 48% were picked up and plugged into computers, with the first drive connected within just 6 minutes of being dropped. In a real attack scenario, each of those connections could have resulted in a system compromise.