What is reverse social engineering?

Reverse social engineering (RSE) can mean two things - an attack where the attacker is a trustworthy entity (case 1) or an attack where the attacker becomes the victim (case 2).

When we talk about case 1, there are usually three stages of attack. Stage one is called sabotage, where the initial damage is done. Stage two, or advertise, is where the attacker gains the trust of the victim and persuades him/her that he is the one who can solve the problem they have (created in stage 1). Stage three (assist) is where the attacker gains the information/property he needs.

The advantage of RSE is that the attack is much harder to discover. On the other hand, the main disadvantage is complexity.

The best defense against this type of SE (social engineering) is to use trustworthy companies to do whatever job you need to outsource. Also, background checks on persons who have access to your critical areas can prevent such attacks.

Case 2 is a situation where the initial attacker becomes the victim. However, this type of SE is highly unlikely to happen in a business environment and is mostly found in the military (or, to use a fancy word, counterintelligence).

An example of this kind of attack could be the so-called "reverse sting", where, once the attack is recognized, the victim can perform an attack on the initial attacker or redirect the attacker to someone who knows how to counter him. E.g. an attacker calls the front desk and asks for information X. Instead of giving him information X, the front desk redirects the call to the security department. Another example of case 2 RSE is where the attacker is fed false data (law enforcement agencies often perform this attack).


Reverse social engineering is a form of social engineering. We can say all reverse social engineering attacks are social engineering attacks.

A reverse social engineering attack is where an attacker makes himself a point of help to a victim. The victim will think of the attacker as a trustworthy person because he is offering help to solve the problem.

An example can be an attacker first sabotaging a network and then posing as a technician to help resolve the problem for the victim.

This approach is often used because the victim will give up passwords more easily. If you get called by someone and they ask you for your password, you will be reluctant to give it. If you call a technician and he requests your password, you are more likely to give it.

Further reading: reverse social engineering in online social networks.


Reverse social engineering does not differ from 'normal' social engineering in a significant way, beyond the fact that the stance taken could be described as being somewhat "passive".

The reversal lies in the pretext used, and aims to entice a victim to take action on one's own initiative, hence amplifying perceived trust.

An example would be posing as an authority figure to establish initial contact and trigger certain follow-up actions, as opposed to an attacker approaching victims himself to do the same.

Watering hole attacks are an example of reverse social engineering:

Sinkholing Script Kiddies