REVERSE SOCIAL ENGINEERING
A reverse social engineering attack is a person-to-person attack in which an attacker convinces the target that he or she has a problem or might have a certain problem in the future and that he, the attacker, is ready to help solve the problem.
Reverse social engineering is performed through the following steps:
- An attacker first damages the target's equipment.
- The attack advertises himself as the person of authority who would solve the victim’s problems
- The attacker gains the trust of an individual and initiates an attack which in turn paves the way for the victim’s personal information Reverse social engineering attack happens in two ways. One is known as the targeted attack and the other is known as the mediated attack. In targeted attack, the attack needs to know the information of the victim beforehand and in case of mediated attack, the attacker will post some attack messages to lure the victim into the trap.
Example of reverse social engineering attack
Recently a user updated a posted a Facebook status in public forum that the user has been facing some issues with windows 10 and he needed someone get the job done. Some of the comments said suggested to the user should to go to a legitimate professional solve the problem. In response, one person commented that doing this would cause the user a lot of money and he could solve the problem of the user at less cost. The user was interested and connected the personnel on a personal chat. In these personal chat, the attacker asked him about the personal details like the Gmail password. As soon as the password was given him all his credit card details and bank information was stolen and a large sum of money was debited from his account. Reverse social engineering acts on the victim reacting first, cyber criminals act convincing and the victim is made to fall into the trap. The only difference from social engineering lies in the fact that in reverse engineering the victim acts first and triggers the attack.
Recently a user updated a posted a Facebook status in public forum that the user has been facing some issues with windows 10 and he needed someone get the job done. Some of the comments said suggested to the user should to go to a legitimate professional solve the problem. In response, one person commented that doing this would cause the user a lot of money and he could solve the problem of the user at less cost. The user was interested and connected the personnel on a personal chat. In these personal chat, the attacker asked him about the personal details like the Gmail password. As soon as the password was given him all his credit card details and bank information was stolen and a large sum of money was debited from his account. Reverse social engineering acts on the victim reacting first, cyber criminals act convincing and the victim is made to fall into the trap. The only difference from social engineering lies in the fact that in reverse engineering the victim acts first and triggers the attack.
PREVIOUS NEXT
Comments
Post a Comment
If you want information about anything else, then tell me in your comment