The article examines theft by distraction as a form of social engineering that exploits human weaknesses. The mechanisms of this type of attack are described in detail, its impact on the security of organizations, as well as strategies for protection against such threats are given.
As organizations’ defenses become more robust, cybercriminals are looking for ways to use social engineering and exploit the weakest link in the security chain—the human.
Social engineering diversionary theft is one of the many methods criminals use to manipulate their victims. Read on to learn more about it, how it works, and tips for prevention. So, what is burglary?
Hacking is a social engineering technique used to manipulate human psychology. It started as an offline attack where a thief tricks a courier or delivery company into going to the wrong delivery or pickup location.
This type of attack is also known as the “corner game” or “corner game” and originated in the East End of London before the Internet.
Redirect theft can happen offline or online. Although technological advancements make this usually happen online, criminals can still carry out an attack offline. Regardless, theft by redirection means intercepting the transaction.
In an offline theft, the van carrying the goods can be diverted to a location other than the actual address. The attacker often plants subordinates in a new location, who then have easy access to goods that can be replaced or stolen.
With the advent of the Internet, social engineering theft has become even easier. Fraudsters are trying to access information about products you’ve ordered online. This may include the delivery date, address and item to be delivered. Armed with this information, criminals impersonate couriers to deliver counterfeit goods and then wait for genuine packages to arrive.
Criminals also use online theft to trick users into sending them information. They use social engineering techniques such as pretexting and phishing (including other forms such as whaling or phishing).
To effectively counter this attack, it is useful to familiarize yourself with examples of sabotage theft. The attacker aims to either steal goods and confidential information, or deliver counterfeit or infected goods.
If you order a laptop, an attacker can deliver infected malware. This can be a double profit for the scammer – he gets a new laptop and can spy on the victim to steal sensitive data.
In real life, sabotage theft can become quite high-profile. In the extreme case, it can be pharmaceutical drugs and materials of increased danger, and the actors are extremists and representatives of terrorist organizations. However, individuals and small businesses are still at risk of falling victim to this social engineering attack.
Redirect theft can only be effective with effective social engineering techniques. Offline diversion is only successful if it is convincing. Resonant sabotage theft involves a coordinated attack strategy by a group of attackers.
Stealing online diversion is more targeted with increased effectiveness on a more personal scale. The best way to counter this attack is to understand how social engineers think and what they need from you.
Sabotage theft often uses the human factor to steal goods or access sensitive data. However, prevention is possible. There is no one-size-fits-all solution, but the tips below are vital to mitigating such attacks.
If you receive an email from a supposedly legitimate representative asking you to provide confidential information or redirect an item to a new location, something is wrong. Check with the appropriate authorities before taking action. Also, the delivery agent must confirm everything with the recipient before releasing the package.
The recipient should also ask for the courier’s ID and contact the organization to verify that the order is genuine.
Even with sophisticated security measures in place, the human factor can still be manipulated. In The Art of Deception , Calvin Mitnick mentions that security is only an illusion made stronger by human ignorance and gullibility.
Indeed, theft by sabotage is a method of social engineering that can be successful when people are ignorant.
However, it is imperative that organizations educate their employees on the various social engineering tactics that attackers use to compromise systems and how to avoid them.
Redirect theft can also happen offline, and attackers can do it in a variety of ways. An attacker can create a physical gateway to gain access to an organization’s offices and resources.
As with flooring, securing your company’s physical space is critical to preventing theft. While the former is usually more inconspicuous, the latter can wreak massive havoc in order to obtain vast amounts of data or cause more damage. With trained security, businesses can be much more vigilant about who is infiltrating the premises and stop such attacks before they happen.
Sabotage-related theft is a serious problem, especially when gullibility and ignorance come into play. Both individuals and organizations can counter such attacks by remaining vigilant, verifying delivery details and securing their premises.
Most importantly, organizations must have proper employee awareness programs about sabotage-related theft and its impact on business continuity.