Baiting


What is Baiting?

Baiting is a social engineering technique in which an attacker offers something tempting or interesting in order to persuade a target to take an action that leads to compromise, exposure, or unauthorized access.

Examples

  • An attacker leaves infected USB drives in a company car park, hoping employees will plug them in out of curiosity.
  • A user is lured to download a 'free' piece of software that actually installs malware.

Discover 🔎

Not every attack relies on fear, authority, or urgency. Some rely on temptation. If a target is curious enough, greedy enough, or simply interested enough, the attacker may not need to pressure them at all. The victim moves toward the attack voluntarily because the bait looks useful, valuable, or harmless.

That is what makes baiting different from many other forms of social engineering. Instead of forcing action through panic or impersonation, the attacker creates an attractive opportunity and waits for the target to take it. The weakness being exploited is not primarily technical; it is human curiosity and desire.

Remember: Baiting works by making the victim want to engage. The attack feels like an opportunity rather than a warning.

Summary 📝

Baiting is a social engineering technique that succeeds by offering something appealing enough to draw the victim into risky behavior. The bait may be physical, such as a planted USB drive, or digital, such as free software or enticing files. Its strength comes from exploiting curiosity and perceived opportunity, which is why strong user awareness, clear handling processes, and technical restrictions are all important defenses.
