Social Engineering Attacks Have Become the Most Used By Cybercriminals
Social engineering attacks have become some of the most widely used by cybercriminals. Whether through a fraudulent email (phishing), a phone call (vishing), or an SMS (smishing), cybercriminals can easily obtain the victim's information and carry out the attack.
In this blog we have discussed these attacks many times and explained the different techniques criminals devise to achieve their goals. One of them is the subject of this post: reverse social engineering.
To understand this concept, we must first recall what "normal" social engineering is. It is a technique through which cybercriminals use deception to steal personal data and sensitive information for illegitimate purposes.
To do this, the attacker has to approach the victim and convince them that they must hand over that information. Most of the time this is done by impersonating a bank, a social network, or any other service the victim uses, so that the request appears trustworthy.
In reverse social engineering, it is the victim who approaches the cybercriminal and ends up handing over the information almost voluntarily. This spares the attacker the part of the deception that is perhaps the most difficult and demands the most social skill: making the first approach. But how do they achieve it?
To do this, the cybercriminal has to become a trusted figure for the victim, for example a technician who can help them solve a security problem. What the victim does not know is that neither the technician nor the problem on their device has appeared by chance: the attacker infects the device, then exploits the urgency of the situation by posing as the person who has the solution. The victim then hands over whatever information the "technician" requests, hoping that it will help solve the problem.
We can therefore say that a reverse social engineering attack consists of three phases:
In the first phase, the cybercriminal attacks the victim's computer. The attack may be minimal, but it is enough to alarm the victim and make them seek a solution, for example the help of a technician.
The second phase is deception, through which the attacker gains the victim's trust until the victim asks for help. The attacker can present himself as a trusted technician whom the victim hires to solve the problem, without knowing that the technician created it.
Finally, in the assistance phase, the attacker obtains the information he was looking for directly from the victim, or is given access to the victim's device. From there he can take control and carry out the real attack without raising suspicion.
Broadly speaking, the easiest way to protect yourself from this type of attack is to hire only trusted providers and to vet the background of anyone you outsource to who will have access to important company data. Even so, anyone can fall victim to an attack, so let us look at the main ways cyber attackers carry out reverse social engineering:
Internal attack: if the cybercriminal cannot attack from the outside, he will attack from within the organization, for example through a disgruntled employee with physical access to the company network.
Phishing: an attack we already know, in which the cybercriminal sends an email impersonating, for example, a bank and convinces the victim to follow a link and enter their data. The link is fraudulent, and the information ends up in the hands of the cybercriminals.
Impersonation: the cybercriminal pretends to be an employee of the company, gaining access to internal information from the inside.
Once the attacker is inside the organization, he can alter this information at will, for example by changing the IT support phone number in the directory to his own, or by putting up signs with his own number as the one to call for help.
When employees need help, they will call that number, which they consider reliable. Trusting the "technician" and under pressure to get their equipment working again, they will provide whatever information he requests. To bring about this situation, it is the cybercriminal who creates the need for the employee to contact technical support, for example by deleting an important file.
If they cannot gain physical access to the organization, cybercriminals will do their best to reach their victims electronically: sending technical support offers, building an online presence that makes them appear more trustworthy, or collecting information about employees to learn their interests and trick them via email.
In short, through reverse social engineering, cybercriminals will do everything possible to make you come to them, so that your company's data ends up in their hands.
And what can I do to protect my business from these attacks?
First of all, as with most of the attacks we describe in this blog, common sense and awareness are the most important things keeping us safe.
When requesting technical support, it is essential to do so through a direct, known channel, such as a contact number obtained from a verified source, and never through anonymous offers or publications.
Preventing employees from downloading programs from unreliable sources and from providing data to third parties can save us from this situation. For that, everyone must be trained and aware of cybersecurity.