Blagging may sound like some complicated hacking technique, but it’s much simpler than that. While not as “high-tech” as other cyber crimes, blagging can still do serious damage if companies aren’t prepared.

So what is blagging and how does it work?

 

What Is Blagging, and How Does It Work?

Blagging is when sneaky scammers try to trick or manipulate people into handing over confidential info they shouldn’t have access to.

These blaggers will make up whatever story they need to convince their target to spill data that could be used for shady purposes like identity theft, spying on companies, or blackmailing folks.

So how does it work exactly? Here are some common blagging techniques:

  1. Impersonation: The scammer pretends to be someone else, like a fellow employee, a bank representative, or police officer. This builds trust and makes the target more likely to share confidential info. For example, they may call, posing as an IT technician needing a password to fix a computer issue.
  2. Creating a false sense of urgency: The scammer pressures the target by making the request seem time-sensitive. Threats of account closure or legal action are used to get information fast, before the target has time to verify the validity of the request.
  3. Phishing: Blaggers will use phishing emails or links containing malware to infect target systems and steal data. The emails are crafted to appear like they’re from a trusted source to entice the victim to click or download.
  4. USB drop attack: The scammer leaves malware-laden devices like USB drives in public places where targets are likely to find them and plug them in, allowing the blagger access. Parking lots and elevators are popular spots to bait unsuspecting persons.
  5. Name-dropping: The scammer will mention names of legitimate managers, executives, or contacts to make it seem like they’re authorized to have otherwise confidential information. This lends credibility to their shady request.
  6. Sympathy pleas: The scammer will appeal to the target’s compassion, making up sob stories to manipulate them. Saying things like they’re a single parent who needs money in an account to feed their family can work.
  7. Quid pro quo: The scammer promises something in return for information, like a bonus, time off, or cash. Of course, those are empty promises used to get what they want.
  8. Tailgating: The blagger physically follows an employee into a building or restricted area to gain access. They count on people holding doors open for others or not questioning their presence.
  9. Elicitation: Blaggers will try engaging in friendly chit-chat to get targets to reveal information about systems, processes, or vulnerabilities inadvertently. It’s dangerous because it seems so harmless.

The key thing to remember is that these attackers are masters of deception and will say or do whatever it takes to get what they’re after.

How to Defend Yourself Against Blagging Attacks

With blaggers using so many sneaky tactics, how can you protect yourself and your company from their scams? Here are some key ways to defend against blagging attacks.

Verify Claims

Don’t take anyone at face value—always corroborate their story.

If someone calls, claiming to be tech support needing access or a fellow employee needing info, hang up and call back using an official number to confirm it’s legitimate.

Check email addresses, names, and contact info closely to ensure they match up too.

Validate Requests

As an employee working for a company, look into any unusual requests, even if they seem urgent or the story is believable. Say you need to escalate it to a supervisor or submit a ticket through proper channels.

Slow down the interaction, so you can investigate further before handing over confidential data.

Limit Account Access

Business owners should provide the minimum access employees need to do their jobs and nothing more. For example, customer service reps likely don’t need access to financial systems. This contains any damage in the event an account is compromised.

Keep Your Guard Up Against Blagging

While blagging often targets businesses, everyone is vulnerable. Any of us could be tricked by a seemingly innocent call or email from a scammer posing as tech support, a bank rep, or even a family member needing help. That’s why we all need to learn blagging techniques and know how to spot red flags.

And if you are a business owner or run a company, you shouldn’t underestimate this threat. With comprehensive security awareness training and layered technical defenses, you can stop these tricksters in their tracks.

With the right safeguards in place, blaggers don’t stand a chance.



Oluwademilade Afolabi, “What Is Blagging in Cybersecurity?”, makeuseof.com, Aug 31st, 2023