A Quid Pro Quo attack (aka ‘something for something’ attack) is a variant of baiting. It differs from baiting in that instead of baiting a target with the promise of a good, a quid pro quo attack promises a service or a benefit based on the execution of a specific action. In a Quid Pro Quo attack scenario, the hacker offers a service or benefit in exchange for information or access.
The most common quid pro quo attack occurs when a hacker impersonates an IT staffer for a large organization. That hacker attempts to contact via phone the employees of the target organization and offers them some kind of upgrade or software installation. They might request victims to facilitate the operation by disabling the AV software temporarily to install the malicious application.
This can also happen with a company’s other vendors. When in doubt, please call the vendor directly to see if the request or offer is legitimate. Legitimate companies don’t go around offering free services to people. Under no circumstances should you ever allow anyone you don’t know access to your system – remotely or otherwise. If it sounds too good to be true it probably is.
For help defending against this and other social engineering attacks please call (504) 372-1372 to schedule an appointment today! We’d love to train you and your staff on how to spot these types of scams and avoid infecting the network.