Luring attack

(also deception attack)

Luring attack definition

A luring attack is a cyber attack where an attacker tricks a target into compromising their security or divulging sensitive information. This attack exploits human psychology and manipulates the victim’s trust or curiosity.

In a luring attack, the attacker typically creates a deceptive scenario or lure that appears enticing, legitimate, or urgent. This could involve sending phishing emails, setting up fake websites or login pages, or even impersonating a trusted individual or organization. The attacker aims to trick the victim into taking a specific action, such as clicking on a malicious link, downloading malware, sharing credentials, or providing sensitive data.

See also: social engineering, USB drop attack, watering hole attack

Occurrence of luring attacks

  • Phishing emails. These emails mimic legitimate organizations, such as banks or online services, and attempt to deceive recipients into revealing their login credentials, financial information, or other sensitive data.
  • Baiting. Attackers leave physical or digital “bait”, such as infected USB drives or downloadable files. When a curious victim accesses the bait, malware is installed on their system, allowing the attacker to gain control or steal data.
  • Impersonation. Attackers impersonate trusted individuals, such as coworkers, technical support personnel, or law enforcement officers, and manipulate victims into sharing sensitive information, granting access, or executing malicious actions.
  • Watering hole attack. Attackers compromise websites that are frequently visited by the target audience. By injecting malicious code into the website, they exploit the visitors’ trust and infect their systems with malware.