Mike's screen flickered with a strange pop-up warning of a system failure. Moments later, a friendly email from "IT Support" offered help to fix the issue. Grateful for the quick response, Mike followed their instructions—unknowingly granting hackers full access to his data. The perfect reverse social engineering trap had been set.
Cyber threats are constantly evolving, and one of the more sophisticated and dangerous tactics used by cybercriminals is reverse social engineering. While many are familiar with traditional social engineering, reverse social engineering (RSE) flips the script, making it a potent threat.
We’ll explain what reverse social engineering is, how it works, and the steps you can take to protect against it.
Reverse social engineering is a cyberattack technique where the attacker convinces the victim to reach out to them, rather than the other way around. In contrast to traditional social engineering, where the attacker initiates the contact, reverse social engineering manipulates the victim into believing they need help and that the attacker is the one to provide it.
By definition, reverse social engineering involves the attacker positioning themselves as an authority or a trusted entity. The victim believes they are solving a problem, while in reality, they are unwittingly compromising their security.
Simply put, RSE is a wolf in sheep’s clothing.
Reverse social engineering typically occurs in three stages:
The attacker sabotages the victim’s system or spreads disinformation, creating a problem that requires assistance. This could be a network disruption, malware infection, or simply a confusing situation.
The attacker advertises themselves as a trusted resource, presenting a solution to the problem. This could take the form of phishing emails, fake support forums, or even direct messages posing as helpdesk personnel.
The victim, seeking help, reaches out to the attacker. Believing they are receiving legitimate assistance, they unwittingly share sensitive information or grant access to their systems.
Reverse social engineering attacks can take various forms, from highly technical to psychologically manipulative. Here are a few examples of how attackers execute these attacks:
Fake IT Helpdesk: An attacker disables an organization’s internal system and sends out a mass email, pretending to be the IT helpdesk. Employees, believing they are contacting support, provide their credentials or access information.
Social Media Manipulation: On social media, attackers may create a fake account that mirrors an authority figure, such as a well-known security expert. They then spread false information or malware under the guise of advice.
Online Forums: In online forums, cybercriminals may pose as experienced users offering solutions to common technical problems, but the solutions are actually malware or phishing links.
While phishing is a common tactic in social engineering, it’s not typically classified as reverse social engineering. In phishing attacks, the attacker contacts the victim directly, usually via email, to trick them into revealing personal information. Reverse social engineering, on the other hand, relies on the victim initiating contact.
However, some phishing tactics can employ elements of reverse social engineering, such as when an attacker disables a system and sends a follow-up email offering "support."
RSE is a worrying threat. Here are some of the worst reverse social engineering attacks that have happened so far:
1. The Deepfake Deception on a UK Energy Company
In March 2019, the CEO of a UK-based energy provider received a call from someone who sounded exactly like his boss. The voice was so eerily precise, from tone to cadence, that the CEO didn’t hesitate when asked to wire $243,000 to a “Hungarian supplier.” But there was no supplier—the bank account belonged to a scammer using cutting-edge deepfake technology to mimic the executive’s voice.
This wasn’t a sci-fi plot; it was a real-world attack. Cybersecurity expert Nina Schick warns, "This threat is here. Now." The incident highlighted how advanced cybercriminals are using deepfakes to manipulate human trust, turning even the most cautious executives into victims.
2. $60 Million CEO Fraud: A Price Too High
A devastating scam in 2016 cost Chinese aircraft parts manufacturer FACC nearly $60 million when fraudsters posing as senior executives convinced employees to transfer funds. The so-called “CEO fraud scam” had profound repercussions - so much so that FACC sued its own CEO and finance chief, accusing them of failing to implement the necessary internal security measures.
Though the case against the executives was ultimately unsuccessful, it underscored a larger issue: cybersecurity is not just an IT concern - it’s everyone’s responsibility.
3. Microsoft 365 Phishing Scam: A Clever Deception
In April 2021, security researchers uncovered a sophisticated Business Email Compromise (BEC) scam targeting Microsoft 365 users. The scam began with an innocent-looking email about a "price revision" and included an attachment that appeared to be a simple Excel file. However, upon closer inspection, the "spreadsheet" was actually an .html file.
When unsuspecting recipients opened the file, they were redirected to a fake website that mimicked a Microsoft 365 login page. A pop-up message informed them they had been logged out, prompting them to enter their credentials. Of course, the login details went straight to the cybercriminals.
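The lure in this case worked because the attachment's name promised a spreadsheet while its bytes were an HTML login page. The following example, added here and not part of the original article, shows the kind of mail-gateway check that catches that mismatch: it sniffs the real content type from leading bytes, compares it with what the file extension claims, and flags double extensions and HTML attachments that carry a password field. The sample attachments, the file names, and the extension-to-type table are all constructed for the example.

```python
"""Flag e-mail attachments whose bytes do not match the type their file name claims.

Added example for the Microsoft 365 'price revision' lure: the attachment was named
like a spreadsheet but was really an HTML page asking for credentials.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Leading-byte signatures for the container formats an office document really uses.
SIGNATURES = {
    b"PK\x03\x04": "zip",                                   # .xlsx/.docx are ZIP archives
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",           # legacy .xls/.doc (OLE2)
    b"%PDF-": "pdf",
}
# HTML has no fixed magic number; look for a tag at the very start of the data.
HTML_START = re.compile(rb"^\s*(<!doctype\s+html|<html|<script|<meta)", re.IGNORECASE)
PASSWORD_FIELD = re.compile(rb"type\s*=\s*[\"']?password", re.IGNORECASE)

# What each claimed extension should contain (constructed table for this example).
EXPECTED = {"xlsx": "zip", "docx": "zip", "xls": "ole", "doc": "ole",
            "pdf": "pdf", "html": "html", "htm": "html"}


def sniff_type(data: bytes) -> str:
    """Return the content type implied by the first bytes, or 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    if HTML_START.search(data):
        return "html"
    return "unknown"


@dataclass
class Verdict:
    filename: str
    claimed: str                     # type the extension promises
    actual: str                      # type the bytes show
    reasons: List[str] = field(default_factory=list)


def check_attachment(filename: str, data: bytes) -> Verdict:
    """Compare the claimed and sniffed types and record every reason for suspicion."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    claimed = EXPECTED.get(ext, "unknown")
    actual = sniff_type(data)
    verdict = Verdict(filename, claimed, actual)
    if "unknown" not in (claimed, actual) and claimed != actual:
        verdict.reasons.append(f"extension .{ext} claims {claimed} but content is {actual}")
    if len(parts) > 2 and parts[-2] in EXPECTED:          # e.g. report.xlsx.html
        verdict.reasons.append("double extension hides the real type")
    if actual == "html" and PASSWORD_FIELD.search(data):
        verdict.reasons.append("HTML attachment contains a password field")
    return verdict


def scan_attachments(attachments: Dict[str, bytes]) -> List[str]:
    """Return the names of all attachments that raised at least one reason."""
    return [name for name, data in attachments.items() if check_attachment(name, data).reasons]


# Constructed sample attachments (not real captures).
XLSX_SAMPLE = b"PK\x03\x04\x14\x00\x06\x00\x08\x00" + b"[Content_Types].xml" + b"\x00" * 32
FAKE_LOGIN_HTML = (
    b"<!DOCTYPE html>\n<html><body>\n"
    b"<p>You have been logged out. Sign in again to view the price revision.</p>\n"
    b'<form method="post"><input name="user"><input name="pwd" type="password"></form>\n'
    b"</body></html>\n"
)
SAMPLE_ATTACHMENTS = {
    "Q3_price_revision.xlsx": XLSX_SAMPLE,       # genuine spreadsheet container
    "price_revision.xls": FAKE_LOGIN_HTML,       # the lure: spreadsheet name, HTML bytes
    "price_revision.xlsx.html": FAKE_LOGIN_HTML, # double extension variant
}

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        v = check_attachment(name, SAMPLE_ATTACHMENTS[name])
        print(f"{name}: claimed={v.claimed} actual={v.actual} reasons={v.reasons}")
```

The check deliberately trusts the bytes over the name: a renamed file cannot change its leading signature, so a gateway that quarantines on `claimed != actual` removes the disguise before a user ever sees the "spreadsheet".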
Organizations and individuals can take specific steps to protect against reverse social engineering:
Educate employees on the characteristics of reverse social engineering attacks. They should be suspicious of unsolicited offers for help, especially if they did not initiate the contact.
Always verify the identity of anyone offering support. Don’t contact support personnel through unverified channels - use official methods of communication.
Consistent monitoring of your systems for suspicious activities is crucial. Be wary of unexplained system disruptions, as they could be a sign of sabotage.
Have an incident response plan that includes how to verify legitimate sources of help and communication protocols in case of system sabotage.
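The verification, monitoring and response steps above can be partly automated. The example below is added here and is not from the original article: it triages an inbound "support" message by checking whether the sender domain is an official one or a lookalike, whether the recipient actually opened a ticket (an unsolicited offer is the RSE signature), whether the message arrived shortly after a recorded disruption, and whether it asks for credentials. The official domain, the outage record, the two sample messages and the credential-request phrasing are all constructed for the example.

```python
"""Triage unsolicited 'support' messages that arrive after a system disruption.

Added example for the protection steps above; the domain list, outage log and
messages are constructed, and the phrase list is a simple heuristic.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional

OFFICIAL_SUPPORT_DOMAINS = {"example.com"}       # constructed: the organisation's real mail domain
ASKS_FOR_ACCESS = re.compile(
    r"\b(reply with|send|share|provide|confirm)\b.*\b(password|credentials|code|access)\b",
    re.IGNORECASE,
)


@dataclass
class Outage:
    system: str
    started: datetime


@dataclass
class Message:
    received: datetime
    sender: str
    subject: str
    body: str
    ticket_ref: Optional[str]     # ticket the recipient opened themselves, if any


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_domain(domain: str) -> str:
    """'official', 'lookalike' (within two edits of an official domain) or 'external'."""
    domain = domain.lower()
    if domain in OFFICIAL_SUPPORT_DOMAINS:
        return "official"
    if any(edit_distance(domain, official) <= 2 for official in OFFICIAL_SUPPORT_DOMAINS):
        return "lookalike"
    return "external"


def triage(msg: Message, outages: List[Outage], window: timedelta = timedelta(hours=2)) -> List[str]:
    """Return the reasons this message must be verified through an official channel first."""
    reasons: List[str] = []
    domain = msg.sender.rsplit("@", 1)[-1]
    kind = classify_domain(domain)
    if kind == "lookalike":
        reasons.append(f"sender domain {domain} resembles an official support domain")
    elif kind == "external":
        reasons.append(f"sender domain {domain} is not an official support domain")
    if msg.ticket_ref is None:                      # nobody asked for help: the RSE pattern
        for o in outages:
            delta = msg.received - o.started
            if timedelta(0) <= delta <= window:
                minutes = int(delta.total_seconds() // 60)
                reasons.append(f"unsolicited help offer {minutes} min after disruption of {o.system}")
    if ASKS_FOR_ACCESS.search(msg.body):
        reasons.append("message asks for credentials or access")
    return reasons


# Constructed sample data (not real events).
OUTAGES = [Outage("VPN gateway", datetime(2024, 5, 6, 9, 0))]
LEGIT = Message(datetime(2024, 5, 6, 9, 40), "helpdesk@example.com",
                "INC-1042: VPN gateway restored",
                "Ticket INC-1042 you opened is resolved; no action is needed.", "INC-1042")
LURE = Message(datetime(2024, 5, 6, 9, 25), "it-support@examp1e.com",
               "VPN outage - we can help",
               "We noticed your VPN failed. Reply with your password so we can restore access.", None)

if __name__ == "__main__":
    for m in (LEGIT, LURE):
        print(m.sender, "->", triage(m, OUTAGES) or ["no concerns"])
```

A message that collects any reason is routed to a human who confirms it through the official helpdesk number or portal, never by replying to the message itself; the ticket check is what distinguishes help the user requested from help that was volunteered.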
Reverse social engineering represents a potent and sophisticated threat in the cybersecurity landscape. Unlike traditional social engineering, reverse social engineering preys on the victim’s willingness to seek out help, which can make it even more dangerous. By understanding how it works and taking steps to protect against it, you can reduce the risk of falling victim to these highly deceptive attacks.