What is a 'Bait Record'

Bait records assist in the identification of criminal activity related to the improper dissemination of nonpublic information. They work on the same principle as a honeypot in the sense that they appear to contain valuable information but, in reality, exist only to ferret out unauthorized access to information. The fake information attracts its targets in the same way bait does on a fishing line.​​​​​​​


No matter how carefully organizations set up their cybersecurity protocols, unauthorized use of information remains a potential problem. The application of hacking through the use of social engineerings, such as phishing email attacks, or other methods exploits human tendencies and gain access to sensitive information. A ten-year study by Trend Micro found the use of hacking offered criminals the best returns for their efforts. These attacks create vulnerabilities beyond the protection of mechanical tools like encryption or password protection.

Bait records offer an additional line of defense in situations where an unknown security breach exists because they allow the affected entity to trace the unauthorized information back to the person who stole it. These traps are usually set on virtual servers wholly segregated from the rest of the businesses data files. 

Financial services organizations collect vast quantities of material and nonpublic information about their clients and the products they represent. This information ranges from consumer credit card information and Social Security numbers to upcoming news about substantial events that could affect a firm’s stock price. The U.S. Securities and Exchange Commission (SEC) maintains strict rules about the care and protection of material, nonpublic information because of its links to insider trading, where a trader uses sensitive information not known to the general public to profit off a trade or set of trades.

Bait Records for Employee Use Control

Firms have difficulty protecting material, nonpublic information because some employees may legitimately need access to the data to perform their job responsibilities. Also, authorized users may find it tempting to misuse information in certain situations. The same Trend Micro study found that unhappy employees were the second most frequent route to leaked data. Unhappy or vengeful employees become identity thieves, however, when they do not have a legitimate reason to look-up and copy the information. But not all employees are disgruntled and looking for revenge. Employees may innocently leak information without intending to do so. 

In theory, a bait record should see significantly less user access than a legitimate file, since no authorized user would have any reason to seek out fake records. Access logs for bait records, then, will contain a narrower set of users consisting only of those who indiscriminately pull data, making the illicit activity easier to discover and prosecute. In other cases, bait records used to commit insider trading or similar crimes will propagate bogus information, making it easier for investigators to target the perpetrators of fraud.

Hacking Tax Professional Records

Tax accountants are prime targets for those wanting to steal private information. Personally identifiable information (PII) is the most common type of data taken. Thieves will steal client records and use that information to file fraudulent tax returns in the following year. The information contained in tax records may also be used to set up credit card accounts and other financings. The Federal Trade Commission (FTC) sets regulations for tax professionals, who must create and use strict security to protect client information, in IRS Publication 4557 and 5293.

For example, a perpetrator attempting to steal credit card and social security numbers will likely want to pull as many records off a system as possible. By seeding bait records in the data, firms can track illicit patterns of use. Thieves desire more than just the access to financial information. They also look for healthcare, education, and credentialing information. 

The FTC conducted a study in 2017 to determine what happened to leaked consumer data. By creating fake consumer accounts, they were able to track the actions hackers took with the information. The study posted the false data on the dark web on two different dates. The first posting saw illegal activity with the fake information within an hour and a half, while the second posting required only 9 minutes before someone attempted to use the information illegally.

  1. Material Insider Information

    Material insider information is material information about aspects ...
  2. Data Breach

    A data breach is an unauthorized access and retrieval of sensitive ...
  3. Insider Information

    Insider information is a non-public fact regarding the plans ...
  4. Medical Identity Theft

    Medical identity theft involves the use of another person's health ...
  5. Customer Information File (CIF)

    A Customer Information File (CIF) is a computerized file that ...
  6. Regulation V

    The introduction of Regulation V set new federal standards on ...
Related Articles
  1. Personal Finance

    Identity Theft: How to Avoid it

    Don't be a victim of this disturbing crime. Get insight into how perpetrators commit this form of fraud.
  2. Tech

    How to Keep Accounts Safe From Cyber Criminals

    With the advancement of financial technology online comes the risk of criminals who try to hack your accounts. Here's how to protect yourself.
  3. Taxes

    How To Safeguard Your Tax Returns From Identity Theft

    Identity thieves love tax season. In 2012, there were 13 million victims of identity theft. As easy as it is for thieves to steal your information, there are also simple measures you can take ...
  4. Trading

    Defining Illegal Insider Trading

    The better you understand why insider trading can be criminal, the better you'll understand how the market works.
  5. Insights

    Why Insider Trading Is Bad for Financial Markets

    Insider trading can come in many forms, some of them even legal, with the benefits and costs often debated by practitioners and academics alike.
  6. Tech

    Hackers Steal Medical Records from Quest Diagnostics (DGX)

    Quest Diagnostics is the latest company to disclose it was the victim of a hack, putting information on around 34,000 individuals at risk.
  7. Investing

    5 New Phishing Scams To Watch Out For

    These five scams may seem transparent, but thousands of people fall for them annually.
  8. Tech

    Prevent Employees From Hacking You Computer System

    Cyber security attacks from a current or ex-employee can cause a lot of pain. Here is how to avoid such attacks.
  9. Tech

    5 Ways to Avoid Identity Fraud

    Identity theft was the number one consumer complaint in 2014. Here are some ways you can protect yourself.
  10. Taxes

    Is Your Online Tax-Prep Service Secure?

    News that even IRS-approved online tax-prep companies can fail a cybersecurity test is worrying. Here are steps to keep your personal tax data safe.
  1. Am I Responsible for Fraudulent Charges on My Credit Card?

    If your credit card is stolen in the US, federal law limits the liability of card holders to $50, regardless of the amount ... Read Answer >>
  2. Is a private company required to show financial information?

    Understand whether a private company is required to disclose financial information to the public. Learn what is required ... Read Answer >>
  3. What does the Efficient Market Hypothesis have to say about fundamental analysis?

    Find out what the efficient markets hypothesis has to say about fundamental analysis and how recent finance research has ... Read Answer >>
Trading Center