Quid pro quo is Latin for, ‘something for something.’ In the realm of cyber crime, a quid pro quo attack occurs when the hacker offers a service or benefit in exchange for information or access.
This technique is a derivation of baiting and differs in that instead of baiting a target with the promise of a thing – like a free song download – a quid pro quo attack promises a service or action-based benefit.
The most common form of a quid pro quo attack occurs when a hacker impersonates a IT specialist for a large company. That hacker spam calls a number of direct employee numbers of a specific company office and, when said hacker gets an employee on the phone, then offers the employee target some kind of upgrade to their work machine. They might tell the employee to disable their AV software temporarily to install a bogus ‘fix’ or software update.
The employee, thinking he/she is following the commands of IT then allows the hacker access to his/her machine, upon which malware is then installed. This type of attack is rarely found in small to medium-sized businesses due to the fact that smaller numbers of employees usually means everyone knows the IT people by name.