Baiting
What is Baiting?
Baiting: A social-engineering attack that lures victims with an enticing physical or digital object designed to trigger malware execution or credential theft.
Baiting exploits curiosity or greed by offering something attractive — a free download, a pirated movie, or a deliberately dropped USB drive labelled "payroll" — that secretly delivers malware or harvests credentials when used. The bait can be physical (rogue USB sticks left in parking lots) or digital (fake software cracks, malicious ads, decoy torrents). Once executed, the payload may install a backdoor, steal data, or pivot into the corporate network. Defences include disabling USB autorun, endpoint protection that blocks unknown executables, application allowlisting, user education about handling found media, and segmentation that limits lateral movement after compromise.
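As an added example that is not part of the original page, the Python script below models two of the defences listed above: application allowlisting that blocks any executable whose hash is not known-good, and a detection rule that flags unknown executables launched from removable media as a likely USB drop. The key=value event format, the allowlist contents and the five sample events are all constructed; the assumption that only `C:` is a fixed disk is a simplification, and a real agent would query the drive type instead.

```python
"""Allowlist enforcement plus removable-media detection over process events.

Added example. The event format, hashes and sample events are constructed.
"""
import hashlib
import re
from dataclasses import dataclass

# Constructed allowlist: SHA-256 of two stand-in "binaries". A real deployment
# populates this from a signed software inventory, not from literals.
ALLOWED_APP = hashlib.sha256(b"constructed: vendor app.exe").hexdigest()
ALLOWED_TOOL = hashlib.sha256(b"constructed: vendor_tool.exe").hexdigest()
ALLOWLIST = {ALLOWED_APP, ALLOWED_TOOL}
UNKNOWN = hashlib.sha256(b"constructed: unknown binary").hexdigest()

# Constructed process-creation events in an assumed key=value format
# (adapt parse_event to your EDR or Sysmon export). Values with spaces are quoted.
SAMPLE_EVENTS = [
    # 1. Unknown binary launched from a USB drive letter: the classic USB drop.
    f"ts=2024-03-01T09:12:03Z host=WS-114 user=jdoe image=E:\\payroll_2024.exe sha256={UNKNOWN} parent=explorer.exe",
    # 2. Allowlisted vendor application from the fixed system disk.
    f'ts=2024-03-01T09:15:41Z host=WS-114 user=jdoe image="C:\\Program Files\\Vendor\\app.exe" sha256={ALLOWED_APP} parent=explorer.exe',
    # 3. Unknown script run from an auto-mounted USB stick on a Linux workstation.
    f"ts=2024-03-01T09:20:09Z host=lx-07 user=jdoe image=/media/jdoe/KINGSTON/setup.sh sha256={UNKNOWN} parent=bash",
    # 4. Digital bait: an unknown "crack" downloaded to the fixed disk.
    f'ts=2024-03-01T09:31:55Z host=WS-114 user=jdoe image="C:\\Users\\jdoe\\Downloads\\movie_crack.exe" sha256={UNKNOWN} parent=explorer.exe',
    # 5. Allowlisted tool that happens to be run from removable media.
    f"ts=2024-03-01T09:40:12Z host=WS-114 user=admin image=E:\\vendor_tool.exe sha256={ALLOWED_TOOL} parent=cmd.exe",
]

# key=value pairs; a quoted value may contain spaces, an unquoted one may not.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
_WIN_DRIVE = re.compile(r"^([A-Za-z]):\\")
POSIX_REMOVABLE_PREFIXES = ("/media/", "/mnt/", "/run/media/", "/Volumes/")
FIXED_WINDOWS_DRIVES = {"C"}  # assumption: only C: is a fixed disk on the sample hosts


def parse_event(line: str) -> dict:
    """Parse one key=value event line into a dict (quoted values keep their spaces)."""
    return {key: (quoted or bare) for key, quoted, bare in _KV.findall(line)}


def is_removable_path(path: str) -> bool:
    """True when the image path points at removable media (heuristic, see assumptions)."""
    match = _WIN_DRIVE.match(path)
    if match:
        return match.group(1).upper() not in FIXED_WINDOWS_DRIVES
    return path.startswith(POSIX_REMOVABLE_PREFIXES)


@dataclass
class Verdict:
    image: str
    action: str       # "allow" or "block"
    removable: bool   # launched from removable media
    reason: str


def evaluate(event: dict) -> Verdict:
    """Default-deny allowlisting, with a specific alert for removable-media origin."""
    image = event.get("image", "")
    removable = is_removable_path(image)
    if event.get("sha256") in ALLOWLIST:
        # Allowlisting decides by hash, not by location: known-good stays allowed.
        return Verdict(image, "allow", removable, "hash on allowlist")
    if removable:
        return Verdict(image, "block", True,
                       "unknown executable from removable media (possible USB drop)")
    return Verdict(image, "block", False, "unknown executable")


def triage(lines) -> list:
    """Evaluate a batch of event lines and return one verdict per event."""
    return [evaluate(parse_event(line)) for line in lines]


if __name__ == "__main__":
    for verdict in triage(SAMPLE_EVENTS):
        flag = " [ALERT: removable media]" if verdict.action == "block" and verdict.removable else ""
        print(f"{verdict.action:5} {verdict.image}  ({verdict.reason}){flag}")
```

Events 1 and 3 are blocked and carry the removable-media reason, which is the signal a SOC would route to a high-priority queue; event 4 is also blocked, since digital bait fails the same allowlist check, but it does not raise the USB-drop alert; events 2 and 5 run because their hashes are known-good, regardless of where they were launched from.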
● Examples
- 01
An attacker scatters USB drives labelled "Confidential — HR" in a company parking lot, hoping employees plug one in.
- 02
A pirated software download bundles a remote access trojan that runs at install time.
● Frequently asked questions
What is Baiting?
A social-engineering attack that lures victims with an enticing physical or digital object designed to trigger malware execution or credential theft. It belongs to the Attacks & Threats category of cybersecurity.
What does Baiting mean?
A social-engineering attack that lures victims with an enticing physical or digital object designed to trigger malware execution or credential theft.
How do you defend against Baiting?
Defences for Baiting combine technical controls (disabling USB autorun, endpoint protection that blocks unknown executables, application allowlisting, and network segmentation that limits lateral movement) with operational practices (user education about handling found media), as detailed in the full definition above.
What are other names for Baiting?
Common alternative names include: USB drop attack.