The honey trap is a technique in which an attacker targets a person online by pretending to be an attractive person and then beginning a fake online relationship to obtain confidential information about the target company. In this technique, the victim is an insider who possesses critical information about the target organization.
Baiting is a technique in which attackers offer end users something alluring in exchange for
important information such as login details and other sensitive data. This technique relies on
the curiosity and greed of the end users. Attackers perform this technique by leaving a physical
device such as a USB flash drive containing malicious files in locations where people can easily
find them, such as parking lots, elevators, and bathrooms. This physical device is labeled with a
legitimate company's logo, thereby tricking end users into trusting it and opening it on their
systems. Once the victim connects and opens the device, a malicious file downloads. It infects
the system and allows the attacker to take control.
For example, an attacker leaves some bait in the form of a USB drive in the elevator with the
label "Employee Salary Information 2019" and a legitimate company's logo. Out of curiosity and
greed, the victim picks up the device and opens it up on their system, which downloads the
bait. Once the bait is downloaded, a piece of malicious software installs on the victim's system,
giving the attacker access.