Social Engineering vs. Reverse Social Engineering

What's the difference between Social Engineering vs. Reverse Social Engineering? There's 1 or 2 questions where Reverse is the answer on Transcender.

Thanks.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Megadeth4168

Reverse Social Engineering
Users ask attacker for help and information (Thinking the Attacker is a person in a position to help)

An example could be that the attacker takes information down from the user while appearing to fix the problem for the user

Social Engineering is where the attacker is acting like the user and pretending that they lost their password ect...

So the difference would be that in one role (the Reverse) The attacker would act like the help support or technician while in the other role the attacker would act as the user who needs help.

That is my basic understanding of the 2... Hope that is helpful

agustinchernitsky

IMO reverse S.E. and S.E. are the same. reverse S.E. is still S.E.... the victim is manipulated by the atacker, making him feel he needs him.

I recommend, if you are interested the book from Kevin Mitnik. Its really interesting!!

Webmaster

agustinchernitsky wrote:

reverse S.E. is still S.E....

True, reverse social engineering is a form of social engineering. But that doesn't mean they are logically the same. Simply put, all reverse social engineering is social engineering, but all social engineering is not reverse social engineering.

agustinchernitsky

"Webmaster wrote:

Simply put, all reverse social engineering is social engineering, but all social engineering is not reverse social engineering.

I couldn't agree more...

Webmaster

I forgot to add:

agustinchernitsky wrote:

I recommend, if you are interested the book from Kevin Mitnik. Its really interesting!!

Good recommendation, interesting indeed and certainly beats 'merely' reading a chapter about social engineering in a Security+ guide.

supertechCETma

According to Methods of Hacking: Social Engineering, a paper by Rick Nelson, the three parts of reverse social engineering attacks are sabotage, advertising, and assisting. The hacker sabotages a network, causing a problem arise. That hacker then advertises that he is the appropriate contact to fix the problem, and then, when he comes to fix the network problem, he requests certain bits of information from the employees and gets what he really came for. They never know it was a hacker, because their network problem goes away and everyone is happy.

agustinchernitsky

Webmaster wrote:

Good recommendation, interesting indeed and certainly beats 'merely' reading a chapter about social engineering in a Security+ guide.

Believe me, its a lot of fun too...

mrhaun03

Reverse SE is putting yourself in a position where the victim thinks you are helping him/her and willingly provides you with everything. SE is pretty much blatantly asking for passwords, usernames, etc

p0et

Thanks guys.. i'm all good with Reverse SE vs SE. Just trying to get up the nerves to go write this thing now.