Blagging — A Good Old Social Engineering Attack


Cyber threats, especially those that steal your credentials, can be costly. Enterprises should remain vigilant about their employees’ security and actions. A single mistake by an employee can cost the organization millions, if not billions, of dollars. Cybercriminals use nasty techniques like social engineering to manipulate people into giving them login credentials. Blagging is one such technique.

According to Mitnick Security’s report, 98 percent of cyber attackers rely on social engineering techniques in some capacity to compromise a system or enterprise. Blagging falls under the umbrella term of social engineering. This article highlights blagging, its tactics, and preventive measures.

What is blagging?

Blagging, or pretexting, is a social engineering technique whose name derives from the slang verb “to blag.” In a blagging attack, the attacker uses an invented or hypothetical scenario to engage the target in a discussion. That discussion is designed to tempt the victim, which increases the chance that the victim discloses critical or sensitive information they would be unlikely to reveal in ordinary circumstances. Blaggers often gather open-source intelligence and details about the victim and use those data to set up a fake scenario that lures the victim into revealing sensitive information.

Social engineering tactics

How do social engineers use blagging tactics?

Security researchers have found that attackers use a particular set of questions to draw a victim into a hypothetical conversation and try to steal sensitive information from them. Here are some of the questions and tactics.

· Check the availability of the victim: Cybercriminals are busy people, so they often check first whether the victim is available for a discussion. Then they introduce themselves as someone they are not and try to build a rapport. They use reputed social media platforms like Twitter, LinkedIn, Instagram, Facebook, etc., or email. Based on the timing and rate of the victim’s replies, they will try to steal valuable details and credentials.

· Tempt you with questions that demand urgent action: Attackers are good researchers. They perform information gathering before applying blagging. They might also ask tempting questions like, “Do you know your credit card is expiring?” or “I am from X bank, and our team found that your account is not secured. We can help you secure it.” Then they pressure you to share your credentials and OTPs in the name of the bank’s internal team. In reality, they are stealing your sensitive data.


Other common blagging tactics

· Cryptocurrency scams:

Cybercriminals do thorough research on victims interested in investing in cryptocurrency. They use pretexting tactics, pretending to be an agent of a cryptocurrency trading app or an experienced investor. After luring their targets with fake tales of the financial returns of crypto-investment, they persuade the victim to “invest” with them or through the app. As soon as the scammer receives the money in their dummy app or account, they disappear.

· Blagging through online romance:

Blagging through romance is a type of social engineering. Here the attackers post charming photos on various social media and dating sites, then manipulate the victim into believing he or she is in a romantic relationship. Young and middle-aged adults are the typical targets of such scams. The cybercriminal uses this romance pretext to extract valuable and sensitive information from the victim. These blagging campaigns often take weeks or even months.

· Blagging through impersonation:

An impersonation attack is a bold social engineering attack that relies on blagging tactics. The impersonator feigns to be a colleague, a friend, or an agent you have never met who was sent by a high-level executive from a different organization. The attacker starts with a friendship as a blagging technique, then draws on that relationship to obtain company information such as the server room location, email addresses, phone numbers, etc. They also take advantage of tailgating and piggybacking to drop malware like ransomware or spyware on corporate systems.

How to prevent the blagging attack?

· Do not use unprofessional platforms: Scammers often trawl for professionals on obscure platforms. Users should also remain vigilant about whom they are talking to.

· Thorough research: Users should know how to thoroughly research a person’s details on digital and open-source platforms. That way, they can distinguish a blagging scammer from a legitimate individual.

· Employee awareness and training: Enterprises should train their employees about the different forms of social engineering attacks. That training should also cover the spoofed domains cybercriminals use to perform blagging.

· Constant awareness: Enterprises and organizations should encourage employees to stay alert to such activities. Employees should remain aware, both inside and outside the office premises, of actions like piggybacking and unauthorized server room access. Through this measure, the workforce can stop a blagging attack early.

Conclusion

Complete protection against social engineering attacks is not possible for an organization. However, organizations can take proactive measures through awareness campaigns and surveillance systems to stay ahead of such threats. To know more about prevention against blagging attacks, contact security companies like Packetlabs. They have security experts who can provide precise guidance and solutions on such attack vectors.

If you want technical content or articles like this that will engage your B2B or B2C customers, contact me here. I write versatile technical and non-technical content with infographics, animations, and SEO strategies that can bring potential leads and audiences to your website, giving you more visibility and traffic. My articles will help you understand your sales funnel and potential customer traction. The price per project or per word is negotiable. So, what are you waiting for? Tap here and write me a mail today!


Karlos G. Ray [Masters | BS-Cyber-Sec | MIT | LPU]

I’m the CTO at Keychron :: Technical Content Writer, Cyber-Sec Enggr, Programmer, Book Author (2x), Research-Scholar, Storyteller :: Love to predict Tech-Future