
Why So Many Smart People Fall for Baiting Attacks — and How to Spot the Traps They Miss

Shireen Stephenson, published June 16, 2025

What’s a baiting attack, and why should you care? 

Imagine this: You’re surfing social media and come across a link promising “exclusive episodes” or “leaked scenes” of your favorite drama. You click the link and are taken to what looks like the Netflix site. Or you see a QR code at your local coffee shop offering “one free iced mocha, today only.” What do you do? 

If you’re like most people, curiosity kicks in. Perhaps, you click the link to see if the “leaked scenes” are real. Or you click the QR code for that mocha freebie. After all, what’s the harm in checking? 

In 2025, satisfying your curiosity is exactly what scammers expect you to do. If you’re reading this, know that baiting scams are more convincing than ever. Falling for one could lead to your identity being stolen, your accounts drained, and your most private information exposed.

Below, we demystify baiting, explain why it’s exploding, and provide actionable tips on how you can protect yourself (and your loved ones).  

Beyond phishing: The allure of baiting 

You’ve probably heard of phishing, those emails warning about non-existent tech issues or payments for accounts you don’t have. But baiting is different. 

Baiting is the art of temptation, a golden chalice overflowing with an elixir of “good” things. Instead of scaring you with overdue payment notices or phony invoices, you get offers for free software, movies, music, gadgets, and even cookware. You get bombarded with pop-up ads promising steep discounts on high-end items. 

In 2025, scammers are using AI to create fake offers, emails, social media posts (aptly called AI slop), and even video generator websites that look 100% real.  

And the most insidious of all: AI-generated deepfake videos of former presidents promising cash handouts just for filling out an online form. 

Today, 95% of online scams start with a simple human mistake, like someone’s curiosity getting the better of them; baiting is designed to exploit that. 

How baiting scams have changed in 2025 and why it matters 

Have you ever picked up a USB drive in a parking lot? 

Not too long ago, USB baiting was a common social engineering tactic. But how effective was it in real-world settings? 

In a large-scale study done in collaboration with the University of Illinois and the University of Michigan, researchers conducted an experiment by dropping 300 USB sticks on the University of Illinois Urbana-Champaign campus.

Here are the key findings of the experiment, which were presented at the 37th IEEE Security and Privacy Symposium:

  • 48% of the drives dropped were plugged in and had at least ONE file opened. 
  • The first drive was plugged in less than six (6) minutes after it was dropped. 
  • Parking lots were the #1 drop location, above classrooms, hallways, and common rooms.
  • For users who opened files, the researchers offered a gift card to answer a survey about why they plugged in the drive – 20% agreed to respond. 
  • In 24 hours, posts began circulating on Reddit about “weird USB drives” all over campus – but this didn’t stop people from picking them up, plugging them in, and clicking on files. 
  • When asked why they plugged in the drives, 68% claimed it was for the altruistic purpose of returning the drive to its owners. Only 18% said they were inspired by curiosity. However, this wasn’t consistent with the type of files primarily accessed: Respondents clicked on winter break picture files more often than resume files, which would have contained owner contact information. 

In 2025, AI has become a force multiplier for scammers, helping them create highly sophisticated baiting attacks at lightning speed and massive scale.  

Since attacks can be launched from anywhere in the world, there’s no need for manual USB drops in parking lots. For scammers, this reduces their risk of being caught on surveillance cameras and thus the likelihood of prosecution.

AI-powered digital baiting can also amplify the psychological trigger of curiosity by making offers more tailored and therefore, harder to resist.  

And here’s the proof: While 60% of people think highly of their deepfake detection skills, industry research shows only 0.1% can accurately distinguish between fake and real content (such as images and videos). 

Ultimately, scammers have used AI to turn curiosity into a much more powerful vector for cyber-attacks. So, it’s highly critical that you stay informed about the latest baiting strategies. 

True cautionary tales: How baiting scams have wrecked real lives in 2025 

#1 The Bill Gates coin giveaway

In this scam, hackers used deepfake tech and voice synthesis software to mimic the billionaire’s voice and mannerisms. 

This giveaway scam appeared on platforms like YouTube, Facebook, TikTok, and Instagram.  

To claim Bill Gates’ offer of 0.31 BTC, users had to create an account on an exchange site controlled by the scammers. Then, they had to enter a promo code to get the 0.31 BTC credited to their account. 

But there was a catch. To withdraw the prize, users had to “verify their identity” by making a minimum deposit of 0.005 BTC. Here’s what that translates to in real-world terms. 

Currently, the price of 1 BTC is approximately $103,979.

  • 0.31 BTC is worth about 0.31 × $103,979 ≈ $32,233
  • 0.005 BTC is worth about 0.005 × $103,979 ≈ $520

Of course, any funds users sent (0.005 BTC or $520) were forever lost to them. In 2020, a scammer leveraged this fake giveaway to receive $120,000 in 375 transactions in just a few hours. Median losses from these types of celebrity coin scams now exceed $52,000 per victim. 

#2 The fake Costco giveaway 

In this baiting attack, victims were offered a free 12-piece HexClad Hybrid Perfect Pots set valued at $899.99.  

Victims received emails with urgent subject lines emphasizing the limited availability of stock. The email directed users to a phishing website that collected their personal and payment information under the pretense of covering “shipping costs.”  

Buried in the fine print were terms enrolling victims in subscription services unrelated to cookware – to the tune of $50-$100 per month. 

#3 The celebrity Le Creuset giveaways 

These baiting scams used celebrity endorsements (Oprah Winfrey, Taylor Swift, Selena Gomez, Lainey Wilson) and have been widespread on social media. 

Victims typically pay an initial “shipping fee” of $9.95, but the real losses (as seen in the Costco giveaway) come from hidden subscription charges. 

In the Lainey Wilson Le Creuset giveaway, victims were charged $89.95 monthly for non-existent subscription services.  

Meanwhile, victims of the Oprah Winfrey cookware giveaway paid even more: After an initial $119 monthly membership charge, each was enrolled in a subscription for either a useless self-help eBook database or defunct travel club membership. The monthly fees ranged from $99 up to $299. 

Efforts to cancel the rogue subscriptions often met with little success, due to uncooperative or unresponsive customer service. 

#4 The super discount giveaway scam 

In this baiting attack, scammers promise victims access to expensive tools for a small fee. Here’s an example of the type of scam messaging you’re likely to see on social media: 

"My daughter, who works at Harbor Freight, told me that if you're over fifty, you can fill out a short questionnaire and get a U.S. General Tool Cart for just $10! They're clearing out their warehouses of old inventory, so they have a lot of these tool carts – and decided to offer them to folks in that age group as a way to show support. These tool carts have a retail price of as much as $600.” 

The message conveniently includes a link to click so victims can input their personal and credit card information. Don’t fall for it! 

#5 The 10-million-dollar sweepstakes scam

Imagine spending your entire life working and saving your hard-earned cash – only to lose it all in a scam. 

That’s exactly what happened to 80-year-old retired nun Rene Pientka, who lost nearly $400,000 to a sweepstakes baiting scam. 

When Rene first received a postcard informing her that she’d won $10 million and a new car in a Publisher’s Clearing House sweepstakes, she didn’t believe it. Cautious by nature, she didn’t act until the calls started coming. Rene says the two men she spoke to were well-mannered and professional. 

They told her she would have to pay luxury and sales taxes before she could claim her jackpot. The scammers even sent gifts to her home to “sweeten” the deal.  

Charmed, Rene paid up. However, she soon became suspicious when the calls kept coming. Eventually, she stopped answering her phone altogether, and that’s when the scammers sent a locksmith to her house. 

Ironically, it was the locksmith who called the police. He said it wasn’t the first time scammers had sent him to the home of an elderly victim after the latter cut off contact. He’s reported those calls to local police at least five times. 

As for Rene, her dream of moving to an assisted living facility has been shattered. Bereft of her life savings, she must now look for a part-time job to make ends meet in her twilight years. 

Remember, you should never be asked to pay a fee to claim your prize. While you do need to pay taxes on winnings, you’ll do so when you file your annual tax return. It’s the responsibility of the sponsor to report your winnings to the IRS on form 1099-MISC.

Ultimately, if a sponsor asks you to “pay for taxes” before you get your winnings, be wary. It’s almost certainly a scam. 


How to make yourself “unbaitable” in 2025 

The five (5) easy questions to instantly spot baiting scams  

Five seconds of hesitation can save you months of misery. Here are five (5) questions to answer before you even think about clicking that “once-in-a-lifetime free offer.” 

1. Do I trust the source? 

  • Always verify the legitimacy of an offer by checking official websites and verified social media accounts. 
  • Remember that real giveaways always include details like eligibility criteria, prize descriptions, privacy notices, and entry methods. 

2. Was I expecting this file, link, or offer? 

  • Ask yourself if you signed up for the offer or requested the link for a giveaway or promotion. If you weren’t expecting the offer, it’s likely a baiting attempt designed to exploit your curiosity. 
  • Unexpected offers promising free money or items should always invite a healthy dose of skepticism. 

3. Does it seem too good to be true? 

  • Offers that promise expensive gadgets, large sums of money, and high-end cookware sets for little to no effort are classic baiting tactics.  
  • Scammers often leverage the “scarcity effect” and the “fear of missing out” to motivate you to act quickly. Remember: If the offer seems too generous and includes an element of urgency, it’s almost certainly a scam. 

4. What information am I being asked for? 

  • Legitimate offers rarely require sensitive info. So, be wary if you’re asked for passwords, credit card numbers, Social Security numbers, or banking details. 

5. Have I searched for similar scams online? 

  • A quick online search can reveal if others have reported the offer as fraudulent. 

The three (3) easiest, most effective ways to fight back against baiting attacks 

#1 Familiarize yourself with known retail scams

Costco may be a shopper’s paradise, but it’s also a goldmine for scammers. Check out the newest Costco baiting scams here – there are currently 28 in all – so you’re always one step ahead. 

#2 When in doubt, check with official channels

Scammers understand the lure of free offers or promotions from your favorite retailers. It’s exactly why they impersonate popular brands like Amazon, Google, Mastercard, Apple, and Lululemon. 

Imagine this: You’re scrolling through Facebook and spot a couple of ads with the jaw-dropping taglines “Get a $750 Lululemon gift card – just try our sampler!” and “Today Only – 90% off Lululemon blowout.”

You check the site URL – Lulusampler.com – and see the Lululemon logo, official branding, and a simple requirement to complete “4-5 recommended deals” to claim your $750 gift card.

Once you’re on the site, you’re asked for your full name, phone number, birth date, and address (being asked for this info should be a major red flag).  

Next, you’re redirected to a survey or “free trial” for a subscription that requires your credit card number. There’s no progress tracker or clear confirmation of completed “deals.” Instead, you’re redirected again and again to “new” offers after finishing previous ones. 

Eventually, you see unauthorized charges on your credit card (if you entered your information on the site). And that’s not all: Any other personal info you entered could end up for sale on Dark Web marketplaces. 

The $750 gift card? It never existed.  

So, always check official channels before you click: It’s essential for staying safe online. 

And there’s one more thing you can do. 

#3 Use a Secure by Design password manager with autofill, advanced MFA, and Dark Web Monitoring

With LastPass, you get: 

  • Autofill only on real sites: LastPass knows the real Lululemon site from the fake ones. It won’t autofill your credentials on a bogus site. So, even if you’re tricked, your info stays safe. 
  • Ironclad, unique passwords: With our built-in password generator, every password for every account will be secure. To ensure the strongest credentials, you have the option of customizing the generator to meet CISA and NIST’s highest standards for password creation. 
  • Dark Web Monitoring service: If your info ends up on the Dark Web, you get an instant alert. This means you can quickly update your passwords to lock down your accounts before scammers get a chance to break in.  
  • Advanced MFA: With LastPass, you can enable FIDO2 MFA, should you choose to. It’s the gold standard in online security, using a hardware key like YubiKey or a virtual passkey. Even if a scammer tricks you into giving up your password, they still can’t get in. There are no codes to copy or texts to intercept. 
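To show why “autofill only on real sites” defeats lookalike pages such as the Lulusampler.com example above, here is an added example (not LastPass code, and not a description of how LastPass implements it) of an origin-bound autofill check. The vault entries, the `shouldAutofill`/`credentialsFor` function names, and the sample page URLs are all constructed for this illustration. The comparison anchors on the end of the hostname rather than on the brand name appearing somewhere in the URL, which is exactly the distinction a human eye skips when curiosity kicks in.

```javascript
// Added example: origin-bound autofill decision for a password manager.
// Constructed sample vault: each credential is tied to the site it was saved for.
const vault = [
  { site: "lululemon.com", username: "shopper@example.com" },
  { site: "netflix.com", username: "viewer@example.com" },
];

// Parse the current page URL; null if it is not a valid URL at all.
function parsePage(pageUrl) {
  try {
    return new URL(pageUrl);
  } catch {
    return null;
  }
}

// True only when `host` is exactly `site` or a proper subdomain of it.
// "lulusampler.com" and "lululemon.com.evil.example" both fail because the
// check anchors on the END of the hostname, not on the brand name inside it.
function hostMatchesSite(host, site) {
  return host === site || host.endsWith("." + site);
}

// Return the vault entries that may be filled on this page.
// Refuses plain http:// so credentials never travel over an insecure channel.
function credentialsFor(pageUrl) {
  const page = parsePage(pageUrl);
  if (page === null || page.protocol !== "https:") return [];
  const host = page.hostname.toLowerCase();
  return vault.filter((entry) => hostMatchesSite(host, entry.site));
}

// Does the manager offer to fill anything here?
function shouldAutofill(pageUrl) {
  return credentialsFor(pageUrl).length > 0;
}

// Constructed sample pages: the real site, the lookalike from the post, and
// two common evasion tricks (brand as a leading label, brand with a suffix).
const samplePages = [
  "https://www.lululemon.com/account/login",
  "https://lulusampler.com/claim-your-750-gift-card",
  "https://lululemon.com.evil.example/login",
  "https://lululemon-giveaway.com/",
  "http://www.lululemon.com/account/login",
];

for (const url of samplePages) {
  console.log(shouldAutofill(url) ? "FILL   " : "REFUSE ", url);
}
```

Run it with `node` and only the first URL is filled; the lookalike, the suffix trick, the hyphenated brand domain, and the insecure http:// copy of the real site are all refused. This is the property that keeps your credentials out of a bogus form even after the bait has worked on you.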

Treat yourself to award-winning password management, phishing-resistant MFA, and 24/7 Dark Web Monitoring services with a FREE 30-day trial of LastPass Premium (no credit card, personal info, or commitment required).

Don’t just hope you’re safe. KNOW you’re safe and experience the peace of mind millions of our customers enjoy. 
