National KE-CIRT/CC Cybersecurity Best Practice Guide of the Week

 

BAITING

 

In This Issue:

   Baiting

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Just like the term suggests, baiting attacks involve offering victims something they want. Most often, these appear on peer-to-peer sharing sites where you can download or stream those hot new movies or new music you’ve been hearing about. The risk is that you may be downloading malware instead of, or in addition to, the files you actually want. Baiting can also include too-good-to-be-true online deals or fake emails with answers to questions you never asked on any forums.

 

REMEMBER: Baiting intrinsically plays on human curiosity and weakness.

 

 

How do you avoid being a victim?

 

                 Pay attention to the URL of a website. Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g. .com vs. .net).

                 If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Do not use contact information provided on a website connected to the request; instead, check previous statements for contact information.

                 Avoid clicking on offers that pop up as advertisements.

                 If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

Have the above security tips in mind when operating your computer systems. Report any cybercrime incident/activity

to  incidents@ke-cirt.go.ke. / www.ke-cirt.go.ke