Don't Take the Bait: Tips to Avoid Falling Victim to Phishing and Baiting


The old days of a hacker sitting alone in a basement typing feverishly to breach a database are over. That’s just for the movies. In the real world, almost all cyberattacks are socially engineered, meaning we fall for scams.

Of course, there are levels to creating a scam. It can range anywhere from getting an email from a Nigerian prince claiming you’ve won millions of dollars to an email from your bank asking for your personal information. With so many situations to look out for, here are some general tips so you don’t take the bait.

What is baiting?

You’re walking around your office to get a cup of coffee, and surprisingly, you see a USB drive labeled “Salary Info 2023”. There’s no one around, so it makes perfect sense to take it and see how you compare against your coworkers. You plug in the drive, and you infect your computer with malware.

This is one of the most common examples of a baiting attack in the physical world. A workplace is considered a safe environment, which is why it works so well. But 50% of people would pick up a flash drive from the parking lot too!

Baiting doesn’t end there. It’s even more prevalent online. Most of the attractive offers in your inbox fall into the same category. Out of nowhere, on a Monday morning, you get an email that you’ve won a hundred bucks worth of credits to buy Nike shoes. You click the link because it’s a legitimate company and create an account. Chances are, you’ll use the same password as your email or social media accounts and even add your credit card details before you complete the purchase. The website looks identical to the one you’ve visited before, and boom, your account gets drained.

The same tactic works when you want to watch a movie for free or download a video game, or when you receive a phone call saying you’ve forgotten to pay your electric bill and asking you to recite your personal information.

What is phishing?

Phishing is baiting’s cousin, and they have the same goal – to scam for personal details or money. Phishing creates a situation with urgency and makes incredible use of human psychology.

Usually done by email, phishing attacks have the highest success rate. Cybercriminals set up fake domains that imitate credible websites. Then, they strike.

Imagine getting an email from Bank of America saying that someone tried to log in to your account or a payment has been made and asking to confirm whether it was you. Thinking that you’re a victim of fraud, you’ll click on the link stating that it wasn’t you. And that’s where they get you.

The email in your inbox could appear to be from “james@bankofamerica.com,” but the website you click on would have the domain “bankofarnerica” or “bankofannerica.” In the heat of the situation, you won’t check the domain because the site could be an exact replica. You’d log in to your account and enter your credit card details again. You think you’re safe, but it won’t be long until your account gets drained and you receive an official email from the bank’s support team, and not from James.

This is just one example out of many, but it’s how most attacks work.
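
The lookalike-domain trick above (“bankofarnerica” standing in for “bankofamerica”) can be checked mechanically before you trust a link. This Python sketch is an added example, not part of the original article; the trusted-domain list and the table of look-alike letters are constructed assumptions and are not exhaustive.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption): domains the reader really has accounts with.
TRUSTED = {"bankofamerica.com", "amazon.com", "nike.com"}

# Letter groups that read like another letter at a glance, including the
# "rn" and "nn" for "m" swaps from the article. Illustrative, not exhaustive.
CONFUSABLES = [("rn", "m"), ("nn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def skeleton(name: str) -> str:
    """Collapse look-alike character groups so visually similar names compare equal."""
    name = name.lower()
    for fake, real in CONFUSABLES:
        name = name.replace(fake, real)
    return name


# Map each trusted domain's skeleton back to the genuine domain.
SKELETONS = {skeleton(d): d for d in TRUSTED}


def check_link(url: str) -> str:
    """Return 'trusted', 'lookalike of <domain>', or 'unknown' for the link's real host."""
    # urlsplit yields the real host, ignoring any decoy "name@" part placed before it.
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    # Check the host and each parent domain, so subdomains are handled too.
    suffixes = [".".join(labels[i:]) for i in range(len(labels))]
    if any(candidate in TRUSTED for candidate in suffixes):
        return "trusted"
    for candidate in suffixes:
        real = SKELETONS.get(skeleton(candidate))
        if real:
            return f"lookalike of {real}"
    # A trusted name used as the leading labels of some other site is also a lure.
    for real in TRUSTED:
        if host.startswith(real + "."):
            return f"lookalike of {real}"
    return "unknown"
```

A result of “unknown” only means the host is not on your list and does not resemble anything on it; it is not a verdict that the site is safe.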

How do you protect yourself?

When the adrenaline of getting something for free or getting your account breached hits, it’s hard to make rational decisions. Your first thought would be to click and settle the problem immediately.

Just because someone sent you an email or an SMS, or messaged you in your DMs, doesn’t mean that it’s safe. Oftentimes, the messages that look the most credible are the most dangerous.

Be skeptical about everything that sounds too good to be true:

  • An 80% discount on your favorite shoe collection for the next hour? Probably bait.
  • You’ve been randomly selected for a $1000 giveaway, and you only need to enter your email! Probably bait.
  • Someone tried to reset your Amazon password from Estes Park, Colorado! Probably bait.

All of these emails sound urgent. If you doubt that one is real, call the company and ask whether it’s genuine. It only takes a few extra minutes.

Antivirus and VPN

A combination of antivirus and a virtual private network is like having a full-scale security system. An antivirus scans for threats before they latch onto your device. A VPN hides your real IP address and makes you private online. With the two combined, attackers won’t be able to target you. Even if they do, you have two lines of defense before your primal urges force you to download a Salary Report from HR, which randomly got sent to you.

A few final words

Phishing and baiting attacks are nothing new. They’ve been around for decades, but they’re becoming more sophisticated by the day. Whenever you doubt a message, email, or file, it’s better to do a bit more research than to get your info stolen.