Social engineering: Quid Pro Quo attacks

Oh, you got some issues with your computer – no problem, I will sort it out for you!

– all I need is your credentials…

Quid pro quo means something for something

Quid pro quo attacks promise a benefit in exchange for information. The benefit usually takes the form of a service, whereas baiting frequently takes the form of a good.

It can be considered a request for your information in exchange for some compensation: a free T-shirt, access to an online game or service in exchange for your login credentials, or a researcher asking for your password as part of an experiment in exchange for $100.

If it sounds too good to be true, it probably is quid pro quo…

One of the most common scenarios of ‘quid pro quo’ attacks involves fraudsters who impersonate IT service staff and spam call as many direct numbers belonging to a company as they can find. These attackers offer IT assistance to each and every one of their victims. The fraudsters promise a quick fix in exchange for the employee disabling their AV program and installing malware, disguised as software updates, on their computer.

Also, it’s not always sophisticated tricks or illusions: as real-world examples have shown, people are more than willing to give away their passwords for a cheap pen or even a bar of chocolate.

Avoiding Quid Pro Quo Attacks

As with other types of social engineering – there are security measures you should take to safeguard yourself and your sensitive data.

  • Never give personal or account information unless you initiated the exchange.
  • Always call the company back using a publicly posted phone number (such as on the company’s website) and not through a phone number provided by the person you are conversing with.
  • If you’re at all suspicious about the call, the wise move is to leave it at that.
  • Last but not least, modify your password regularly.

As always, stay suspicious and investigate as much as possible in every situation!

– Mailfence Team

M Salman Nadeem

Information Security Analyst - Security Team | Mailfence