What is diversion theft and how exactly it works


Diversion theft: In this post, you will learn what diversion theft is and exactly how it works. Diversion theft is a type of social engineering attack. I have already written a post on what social engineering is and its types.

What is diversion theft?

Diversion theft is a type of social engineering attack, specifically one that is carried out physically, in person. Social engineering in general always involves people, whether it happens offline or online, but this attack is quite different from other social engineering attacks.

The diversion is made effective by using another type of social engineering attack together with a good drama. Yes, a good drama is necessary for diversion theft.

Let’s see how this type of social engineering attack works.

How does diversion theft work?

Diversion theft simply means diverting the user. The hacker may find information about what you ordered on the internet and deliver a fake parcel to you. He or she then waits there until the real parcel arrives, signs for it, and takes the real parcel that was meant for the user.

In the end, the delivery man is a fake. Suppose the user has ordered a laptop: the fake delivery man can deliver a damaged or malware-infected laptop to the person who placed the order and take the real package. This is a double profit for the hacker, who can spy on the user and also gets a brand new laptop.

Is diversion theft effective?

Diversion theft is not very effective: if something in the drama goes wrong, the end user will become cautious. In the past, this kind of attack was performed by some government agencies, and they were successful. If the attack is carried out by a single person, the diversion theft is not going to be successful.

That is because a single person is not going to have many resources on the end user, whereas government agencies can gather as much information as possible.

Prevention method?

To prevent diversion theft, ask to see the person's original ID, then call the organisation or company and verify that he or she is the correct delivery person.

