Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1000

Quid Pro Quo Attack

Reviewed by Cybersecurity entrepreneur & security researcher

What is a Quid Pro Quo Attack?

Quid Pro Quo Attack: A social-engineering attack in which the attacker offers a service or benefit in exchange for information or access from the victim.


A quid pro quo attack exploits the principle of reciprocity: the attacker promises help, a gift, or a service in return for cooperation. A common pattern is an impostor calling employees, claiming to be from IT support and offering to fix a non-existent issue if the victim discloses their credentials, disables an antivirus, or installs a "diagnostic" tool that is actually malware. Variants include fake survey rewards, free software, or premium content in exchange for login details. Defences include verifying support requests through known channels, restricting administrative actions to a trusted helpdesk identity, security-awareness training and offering employees an easy way to validate unsolicited contacts.

Examples

  1. An attacker calls random employees offering to "fix slow Wi-Fi" in exchange for their domain credentials.

  2. A pop-up promises a free gift card if the user submits their corporate email and password.

Frequently asked questions

What is a Quid Pro Quo Attack?

A social-engineering attack in which the attacker offers a service or benefit in exchange for information or access from the victim. It belongs to the Attacks & Threats category of cybersecurity.

How do you defend against a Quid Pro Quo Attack?

Defences against a Quid Pro Quo Attack typically combine technical controls and operational practices, as detailed in the full definition above.

What are other names for a Quid Pro Quo Attack?

Common alternative names include: Service-for-info scam.
