How to Avoid Quid Pro Quo Attacks

Zac Amos

Unfortunately, scams are common in the digital world. The internet puts everyone at an increased risk of data breaches. Attacks vary in method and strategy, but they are usually trying to steal information of some kind. Quid pro quo attacks are unique because the attacker takes a psychological approach to scamming users.

What Is a Quid Pro Quo Attack?

In a quid pro quo attack, a user is browsing the internet when someone appears almost out of thin air to offer them exactly what they were looking for, or something close to it. However, to receive this offer, the person must give up some personal information. The hacker appears trustworthy through their credentials, but they are not legitimate. They rely on psychological tactics, making the user feel like they owe the hacker something in return for the deal or offer.

Examples of Attacks

Say a user is trying to log into one of their personal accounts. They forgot the password and are troubleshooting how to log back in. Suddenly, someone appears saying that, if the user were to download certain software, they could log back into their account easily. The person gives in, and the software they download puts a virus on their computer that shuts it down and gives all the sensitive information on it to the attacker.

Another example involves a user working at their job. A hacker calls their work phone, claiming to be someone from IT. The caller says they need the user's computer credentials within five minutes or the user will lose access to all the work they completed that day. The victim gives in, and the caller hangs up and uses those credentials to hack the victim's work computer.

In the first example, the user did not ask for help logging into their account, but the attacker offered it. The user did not question whether they had actually asked for that help and focused only on the promised login process. In the second example, the caller appeared to work for the company, but an IT professional would most likely not impose a time constraint on something like login information.

How to Avoid Attacks

Quid pro quo attacks are common in the workplace, and they sometimes occur simply because an employee was unaware they were being scammed. In fact, one in four cyberattacks is accidental. That is why it is so important to avoid them whenever possible.

1.   Get More Information

Hackers often appear as someone trustworthy, but asking follow-up questions like their name or position in the business can make them backpedal and possibly reveal the scam. Look up the details they provide. Sometimes, the name or entity might not exist or might be a known alias used by scammers. Getting more information can often reveal threats for what they are.

2.   Be Wary of Unexpected Offers

If help just pops up unsolicited, be wary. How did they know the user could not log in? How did they know their computer was causing them issues? If the offer is exactly what the person wanted but did not explicitly ask for, it is probably an attack.

3.   Download Software

There are lots of antivirus options that can prevent attackers from accessing users’ computers so easily. Make sure the software is trustworthy, since some antivirus programs are created by the hackers themselves.

4.   Make Login Information Secure

Two-factor authentication is a good way to make login information more secure. The attacker might have the password to an account but not access to the email associated with it. Having complicated passwords that are hard to guess is another way to make an account secure. Anything that makes an account harder to access can potentially stop a hack.

5.   Protect the Enterprise

There are many ways a company can become involved in preventing quid pro quo attacks. Creating clear policies and solid IT standards and protocols is a good strategy. Giving users the ability to report scams and make the workplace aware of attacks is another. Staff with cybersecurity awareness training can also become better at identifying attacks and avoid falling for them in the first place.

Fight Against Attacks

Quid pro quo attacks and other cyber scams are common in the digital world. Being aware of them and implementing tactics to combat them is a good way to prevent users and their businesses from falling victim to them.