In a reverse social engineering attack, the victim is tricked into contacting the attacker. Because the victim made the first move, they assume the attacker is legitimate and are far less likely to be suspicious when asked for information such as passwords.
It works like this:
- The attacker causes some damage to the victim’s device, or makes it appear that there is a problem. This might be done through a phishing link, or by mounting a denial-of-service attack. The victim now has (or believes they have) a problem that needs fixing.
- The attacker advertises themselves as someone who can fix such problems, and the victim is tricked into approaching the attacker for help. This could be via an advert, or an email about the very problem the victim is facing, for example:
- “Has your device slowed down recently? Is it behaving oddly? It may need some routine maintenance—just like servicing your car—to help it run smoothly again. Contact your friendly local IT company for help”
- If they can convince the victim that they are trustworthy and able to fix the problem, they can then:
  - ask for a fee to fix the problem, and/or ask the victim to download software (which happens to be malicious)
  - and/or ask the victim for login credentials to their device or system.
- Once they have access to the device, and from there to the applications the victim uses, they can set up a way to get back into the device later, and/or plant additional problems that will only appear later.
Of course, a device slowing down or behaving oddly is so commonplace that an attacker can even skip step one and simply advertise themselves as IT experts, or even cyber security experts… and wait for potential victims to approach them.
Reverse social engineering is just another form of social engineering. Be very careful if anyone asks for confidential information, even when you were the one who made contact, and check who you are dealing with through a channel you found independently (an official website or a number you already had), not the advert or email that prompted the call.
Contact us for help with cyber security awareness training (and so much more) on 0113 633 6230 or use our contact form.