What is reverse social engineering?

The techniques used by cybercriminals to circumvent the security of systems and applications are varied, but some of the most successful are those that employ reverse social engineering, a technique that targets people rather than technology.

In a reverse social engineering attack, the cybercriminal presents himself to the victim as the indispensable party for solving a critical problem, so that it is the victim who makes the first contact.

The methods of social engineering have been known for a long time and are very diverse. Companies of all types, including those with critical activities, such as energy companies, are targeted by cybercriminals and constantly suffer from these attacks.

Examples of social engineering include phone calls in which users are tricked through a series of ploys, usually by someone posing as a company, with the intention of getting them to hand over usernames, passwords or other data from which a profit can be made. In a cruder approach, known as dumpster diving, some attackers even go through garbage containers looking for receipts and other discarded documents that provide data that will give them access to sensitive systems. Phishing or the famous Nigerian letters (advance-fee scams) are other types of social engineering attacks.

A more sophisticated attack

So what is reverse social engineering? In this case we are talking about social engineering attacks that are much more sophisticated and less crude than some of the examples described above. The main difference between the two types of attack is the direction of the contact: in reverse social engineering the cybercriminal presents himself as the indispensable help the user needs to solve a problem, so it is the user who approaches the cybercriminal. Because the victim initiates the conversation, the attacker starts out with a degree of trust that an unsolicited call or e-mail would never receive.

How does a reverse social engineering attack work?

A very common case occurs when the cybercriminal has previously sabotaged the user’s computer. The user finds that the computer or cell phone starts to run slower or shows some kind of failure that does not seem very serious. The attacker, posing as an official company (for example, the vendor’s technical support), then convinces the user that a serious problem has been detected on the computer and that it can be fixed remotely. The user, believing that a cybersecurity solution is being installed, provides all kinds of data or allows the cybercriminal to deploy malware without the owner of the computer being aware of it.

Why is reverse social engineering used?

Reverse social engineering attacks give the attacker a set of advantages over other methodologies. Because the victim makes the first contact, these attacks are difficult for users to identify. On the other hand, they are also more complicated for cybercriminals to execute than, for example, a mass phishing campaign, since the attacker first has to create the problem and then make sure the victim finds the “solution”.

Relying on the knowledge of experts like aggity, who help organizations to implement a correct cybersecurity strategy and who also offer solutions such as Cloud & Cybersecurity by aggity, is essential. It is equally essential to train users to recognize this type of threat, since developing those detection skills is the best defense against reverse social engineering attacks. In the same vein, penetration tests or the establishment of a zero-trust strategy also yield good results.

Training to prevent social engineering attacks

In the end, prevention is the best weapon against this type of cyber-attack. With the help of experts, employees of an organization can learn to distinguish this type of attack by following a series of basic guidelines. Continuing with the previous example, if employees know exactly who to contact for technical support, and through which channel, they will not answer the questions asked by an unsolicited caller. Not only that, but the user will inform the company’s cybersecurity department, which will be able to take appropriate measures to prevent the cybercriminal from succeeding.

Likewise, the services provided by specialized providers, combined with technologies such as EDR and XDR, reinforce the importance of workers never sharing their login credentials with third parties. The key is that reverse social engineering attacks depend on the user perceiving that the attacker is offering a critical service. If employees instead turn to their own specialist technician or supplier through the channel they already know, the false offer of help remains a mere contact, without any of its potential negative consequences.