Social engineering: Quid Pro Quo attacks

Quid Pro Quo Attacks promise a benefit in exchange for information. The benefit usually takes the form of a service, whereas with baiting it takes the form of a good.

Here is a modern-day example of a quid pro quo attack.

Oh, you got some issues with your computer – no problem, I will sort it out for you!

– all I need is your credentials…

It can be considered as a request for your information in exchange for some compensation – that could be a free T-shirt. In addition it could be access to an online game or service in exchange for your login credentials, or a researcher asking for your password as part of an experiment in exchange for $100.

If it sounds too good to be true, it probably is quid pro quo…

One of the most common scenarios of ‘quid pro quo’ attacks involve fraudsters who impersonate IT service people and who spam call as many direct numbers that belong to a company as they can find. These attackers offer IT assistance to each and every one of their victims. The fraudsters will promise a quick fix in exchange for the employee disabling their AV program and for installing malware on their computers that assumes the guise of software updates.

Also, it’s not always sophisticated tricks or illusions, as real-world examples have shown, people are more than willing to give away their passwords for a cheap pen or even a bar of chocolate.

Social engineering: Quid Pro Quo attacks

Avoiding Quid Pro Quo Attacks

As with other types of social engineering – there are security measures you should take to safeguard yourself and your sensitive data.

  • Never give personal or account information unless you initiated the exchange.
  • Always call the company back using the company’s phone number available via their website. DO not call through a phone number provided by the person you were conversing with.
  • If you’re at all suspicious about the cal, a wise attempt would be to leave it at that.
  • Last but not least modify your password regularly.  To learn more about good password habits!
  • This is not the end of it, there are more social engineering scams you need to be careful of. Check out our email security course to educate yourself.
  • Learn what is social engineering.
  • What is phishing?

As always – Stay Suspicious and Investigate as much as possible in every possible situation !

Mailfence is an encrypted email suite

 Get your secure email

Follow us on twitter/reddit and keep yourself posted at all times.

– Mailfence Team

Avatar for M Salman Nadeem

M Salman Nadeem

Information Security Analyst - Security Team | Mailfence

You may also like...