What is reverse social engineering and what makes it so dangerous?
In previous publications we have already addressed the huge problem that social engineering represents today, both for organizations and for individuals. It is one of the main attack methods used by cybercriminals, and it shows no sign of stopping.

The growing threat of social engineering
Social engineers seek to exploit people’s vulnerabilities to manipulate them and get them to act according to their interests. To achieve this, they contact the victim through any channel — email, text message, phone call, or even face-to-face — often impersonating a known entity to generate greater credibility.
With the alertness that good awareness training produces, it is possible to identify these attacks, although some are more sophisticated than others. But what if it were the victim who needed the attacker? In that case, detection becomes much more difficult.
Reverse social engineering: when the victim seeks the attacker
It may sound implausible that the victim is the one who seeks out the attacker. And no, you don’t have to be a particularly naive person to fall into this trap. In fact, it is a technique with its own name: reverse social engineering.
First of all, as its name suggests, a reverse social engineering attack is a variant of a social engineering attack. The aim is still to manipulate the target into acting in a certain way. The “reverse” aspect comes from the fact that it is not the attacker who contacts the victim — it’s the victim who reaches out to the attacker.
How does this happen? Just as we tend to help others when they are in trouble, there are also times when we need help ourselves. This is precisely what this technique exploits.
How reverse social engineering works
The first step is to create a need in the victim. Usually this begins with a phone call or message announcing a supposed problem. In more sophisticated cases, it starts with a phishing email whose payload actually disrupts the victim's system, so the problem is real and the victim is genuinely motivated to fix it. Either way, the attackers then present themselves as the solution.
Sometimes the attackers plant the contact details themselves, for example by inserting a phone number in the phishing message or in a listing the victim is likely to consult, so that the number appears to belong to the legitimate technical service. In other cases, they simply pose as support staff ready to solve the problem when the victim calls.
In reality, the victim, believing they are being helped, ends up providing sensitive information or even granting remote access to the attacker.
This is what makes reverse social engineering so dangerous: the victim feels they need the attacker's help, which drastically reduces the likelihood of suspicion.
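As an added illustration, not part of the original article and not a Kymatio product feature, the following Python script shows the kind of check an email or messaging gateway could apply to the lure described above: it extracts phone numbers from an inbound message, compares them against a directory of support numbers the organization has verified out of band, and flags messages that combine an unverified number with support wording or a reference to a remote-access tool. The directory, the keyword lists and the three sample messages are constructed for the example and are not real data.

```python
"""Flag inbound messages that plant a fake support contact channel.

Added example for the reverse-social-engineering lure: the verified number
directory, keyword lists and sample messages below are constructed, not real.
"""
import re

# Hypothetical directory of support numbers the organization verified out of
# band (digits only, country code first, no '+' or leading '00').
VERIFIED_SUPPORT_NUMBERS = {"34900123456", "34911000000"}

# Wording that pushes the victim to phone "support" (word-bounded to avoid
# matching inside unrelated words).
CALL_RE = re.compile(r"\b(call|phone|dial|contact)\b", re.IGNORECASE)
SUPPORT_RE = re.compile(
    r"\b(support|helpdesk|help desk|technician|technical service|it department)\b",
    re.IGNORECASE,
)
# Remote-access tools commonly named in "let our technician fix it" lures.
REMOTE_ACCESS_TOOLS = ("anydesk", "teamviewer", "quick assist", "logmein",
                       "screenconnect", "remote access")

# Candidate phone numbers: digits separated by spaces, dots, dashes or parentheses.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")

# Constructed sample messages (hypothetical numbers).
SAMPLE_MESSAGES = [
    "Your mailbox has exceeded its quota and sync has been suspended. "
    "To restore access, call IT Support on +34 612 345 678 and have your credentials ready.",
    "Reminder: the monthly IT newsletter is available. Questions? Call +34 900 123 456.",
    "We have detected an error on your workstation. Install AnyDesk and give the "
    "session code to our technician on 0034 611 222 333.",
]


def normalize_number(raw: str) -> str:
    """Reduce a written number to digits and drop the international '00' prefix."""
    digits = re.sub(r"\D", "", raw)
    if digits.startswith("00"):
        digits = digits[2:]
    return digits


def extract_numbers(text: str) -> list:
    """Return normalized phone-like numbers; runs shorter than 9 digits
    (dates, ticket ids, short codes) are ignored."""
    found = []
    for match in PHONE_RE.finditer(text):
        number = normalize_number(match.group())
        if len(number) >= 9 and number not in found:
            found.append(number)
    return found


def analyze_message(text: str) -> dict:
    """Score one message: unverified support number + lure wording or a
    remote-access tool reference is the reverse-social-engineering pattern."""
    lowered = text.lower()
    numbers = extract_numbers(text)
    unverified = [n for n in numbers if n not in VERIFIED_SUPPORT_NUMBERS]
    support_lure = bool(CALL_RE.search(text)) and bool(SUPPORT_RE.search(text))
    tools = [t for t in REMOTE_ACCESS_TOOLS if t in lowered]

    if unverified and (support_lure or tools):
        risk = "high"
    elif unverified or tools:
        risk = "medium"
    else:
        risk = "low"
    return {
        "numbers": numbers,
        "unverified_numbers": unverified,
        "support_lure": support_lure,
        "remote_access_tools": tools,
        "risk": risk,
    }


if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        verdict = analyze_message(msg)
        print(f"[{verdict['risk'].upper()}] unverified={verdict['unverified_numbers']} "
              f"tools={verdict['remote_access_tools']} :: {msg[:60]}...")
```

A check like this only catches lures that arrive through a monitored channel and name a number; it does nothing for a cold call. The control that actually closes the gap is procedural: staff call support back only on the number from the verified directory, never on the number supplied by the message that reported the problem.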
How to protect employees from this type of attack
The answer is straightforward: awareness. Employees must know what social engineering is, how it works, and the various forms it can take. Only then can they maintain the alertness needed to identify an attack. Awareness works best when paired with one simple rule: contact technical support only through numbers and channels taken from an official, independently verified source such as the company directory, never from the message or call that reported the problem, and never grant remote access to someone you did not reach that way.
Kymatio® offers an awareness module tailored to each user’s needs. Additionally, with Kymatio® Trickster, organizations can run phishing and smishing simulations (among other features) to assess employee reactions to realistic scenarios.