Baiting is a type of social engineering attack where a scammer uses a false promise to lure a victim into a trap that may steal personal and financial information or infect their system with malware. Unlike other types of social engineering, baiting promises an item, commodity, or reward to attract victims, infect their systems with malware, and steal their sensitive information. Baiting scams can be executed in different ways, online or offline. For example, attackers may leave a malware-infected flash drive as bait in a conspicuous area where potential victims are certain to see it. When the victim inserts the flash drive into a work or home computer, the malware is automatically installed on the system. Baiting scams also appear online in the form of tempting ads that lead to malicious sites or encourage users to download a malware-infected application.
Baiting is similar to phishing, but unlike other types of social engineering, it promises an item or goods to entice victims. For example, baiters may offer free music or movie downloads if the victim shares personal information such as login data and passwords. Baiting may also take place online, when cybercriminals post tempting offers or ads that lead to malicious websites or get users to download malware-infected applications.
To avoid becoming a victim of baiting, individuals and organizations should stay alert and implement different measures to help counter such attacks. A successful baiting attack can cause financial losses and reputational damage. The best way to protect oneself is to not open any files on media found in public places. Anyone who does open such files should first make sure their security software is up to date and scan all files before attempting to open them.