Reverse social engineering is a distinct type of social engineering in which the attacker convinces the victim that the victim will have some problem in the future and that the attacker is willing to help. A reverse social engineering attack proceeds in the following steps:
⦁ The attacker first targets the victim’s equipment
⦁ The attacker advertises himself as a person of authority who can solve the victim’s problems
⦁ The attacker gains the trust of the individual and initiates an attack, which in turn paves the way to the victim’s personal information
A reverse social engineering attack happens in one of two ways: the targeted attack and the mediated attack. In a targeted attack, the attacker needs to know information about the victim beforehand. In a mediated attack, the attacker posts attack messages to lure the victim into the trap.
Example of reverse social engineering attack
Recently a user posted a Facebook status in a public forum saying that he had been facing some issues with Windows 10 and needed someone to get the job done. Some of the comments suggested that the user should go to a legitimate professional to solve the problem.
In response, one person commented that doing this would cost the user a lot of money and that he could solve the user's problem at less cost. The user was interested and contacted this person in a personal chat. In this chat, the attacker asked him for personal details such as his Gmail password. As soon as the password was given, all his credit card details and bank information were stolen and a large sum of money was debited from his account.
Reverse social engineering depends on the victim reacting first: the cybercriminals act convincingly and the victim is made to fall into the trap. The only difference from ordinary social engineering is that in reverse social engineering the victim acts first and triggers the attack.
⦁ The first and foremost prevention method against reverse social engineering attacks is awareness. There is no substitute for awareness. If the user had had a proper understanding of reverse social engineering attacks, he would not have dared to give his security information to the cybercriminal.
⦁ The second method is verifying the identity of a computer support analyst. A legitimate computer support analyst would never ask for your Gmail password; instead, the analyst will show you how to solve the problem without taking the user's personal details. If the user had run a background check on the individual, the problem could easily have been avoided.
⦁ The third prevention method is to avoid posting problems in online forums. If the user had not posted the problem on Facebook and had instead taken the issue to a professional, this chaos would not have been created in the first place.
⦁ To prevent this kind of attack, it is better to remain alert at all times. This type of attack relies on the victim's willingness to provide information to the cybercriminals. If a person is not sure about a particular problem, he should consult someone who has knowledge of information security before providing information to a stranger.