3RD OCT 2024
Famous social engineer and hacker Kelvin Mitnick says that security is merely an illusion, which is intensified through human ignorance and gullibility. Diversion theft in social engineering works the same way.
Diversion theft is a social engineering tactic that exploits human psychology, making you give up information without the slightest hesitation.
Initially, diversion theft was an offline scheme where a thief deceives a courier or delivery service into going to an incorrect drop-off or pick-up location.
Diversionary theft, often known as redirect theft, can occur both offline and online. While technological advancements have made online methods more common, offline attacks can still take place. In essence, theft by redirection involves intercepting a transaction.
In its offline iteration, a delivery van can be misled to a location different from the intended address. The attacker often positions accomplices at this new location, who can then access the goods for theft.
With the help of technology, social engineering theft has become even more straightforward. Criminals gather information about products ordered online, such as delivery dates, addresses, and item details. Using this information, they impersonate couriers to deliver fake goods and await the arrival of genuine packages.
Regarding online theft methods, the attacker may obtain sensitive data by deceiving the victim into sharing it with the wrong person. This is often achieved by spoofing the email address of someone within the victim's organization, such as an auditing firm or a financial institution.
Criminals may additionally utilize social engineering techniques like pretexting and phishing for this.
In essence, diversionary theft attackers seek to steal goods and confidential information or to deliver counterfeit or infected products.
For instance, if you order a laptop, an attacker might send a device loaded with malware. This way they acquire a new laptop while also gaining the ability to spy on the victim and access sensitive data.
In more serious cases, sabotage theft can attract significant attention, especially when it involves high-stakes items like pharmaceutical drugs or hazardous materials, often linked to extremists or terrorist organizations. However, individuals and small businesses are also vulnerable to diversion theft.
There is no be-all end-all solution for diversion theft preventions, but there are some ways you can avoid it:
Verifying the source(s): upon receiving an email from someone claiming to be a representative requesting confidential information or asking you to redirect a package, it's important to be cautious. Always confirm with the appropriate authorities before taking action. Recipients should also ask for the courier's identification and contact the organization to confirm that the order is authentic.
Training your staff: Even with advanced security measures, the human layer can still be exploited. Theft by sabotage can only succeed when individuals are uninformed. Therefore, it's crucial for organizations to educate their employees about various social engineering tactics and how to recognize and avoid them.
Investing in physical security: Securing your company's physical space is essential to prevent offline diversion theft. With well-trained security personnel, businesses can enhance vigilance regarding who enters their premises and thwart potential attacks before they occur.
In an increasingly interconnected world, diversion theft poses a significant threat to individuals and organizations alike. By understanding the tactics employed by criminals you can better protect themselves against these sophisticated attacks. By remaining vigilant and informed, we can reduce the risk of falling victim to these malicious schemes and safeguard sensitive information and valuable assets.
If you’re interested in fortifying the human layer of your business and how to prevent attacks like diversion theft, be sure to check out Cytadel by Pureversity.
