AbleToTrain by Willing & Able

What is a diversion theft?

Diversion theft is a social engineering technique used to manipulate human psychology. It started as an offline attack. There, a thief tricked a courier or delivery company into going to the wrong drop-off or pick-up location.

This type of attack, also known as “around the corner” or “around the corner,” occurred in the East End of London before the advent of the Internet.

How Does Diversion Theft Work?

Diversion theft can occur offline or online. Often done online due to technological advances, criminals can carry out attacks offline. Anyway, diversion theft involves intercepting transactions.

Offline theft allows the van containing the goods to be diverted to a location other than the actual address. Attackers often place their subordinates in new locations, giving them easy access to the goods, and the goods can be exchanged or stolen.

With the advent of the Internet, the distraction of social engineering has become even easier to steal. Scammers are trying to access information about items you ordered online. This may include the delivery date, address, and items to be delivered. Using this information, the attacker pretends to be a courier, delivers a fake item, and waits for the actual package. The attacker uses online diversion stealing to trick users into sending information. They utilize social engineering techniques like pretexting and phishing (including its other types like whaling or spear phishing).

Examples of Diversion Theft

To effectively counter this attack, it helps to familiarize yourself with examples of diversion theft.

In real life, distraction theft can become very well known. In extreme cases, it can contain medicines and high-risk material, and actors turn out to be representatives of extremists and terrorist organizations. However, individuals and small businesses are at risk of being victims of this social engineering attack.

Why is diversion theft effective? Distraction theft is only effective with powerful social engineering techniques. Offline distraction only succeeds if you are satisfied with it. High-profile diversion theft involves a collaborative attack strategy by a group of malicious attackers.

Online diversion theft is more effective and more targeted at a more personal level. The best way to counter this attack is to understand how social engineers think and what they expect from you.

How to avoid diversion theft

Diversion theft often exploits human factors to steal goods or access sensitive data. Nevertheless, prevention is possible. There is no one-size-fits-all solution, but the following tips are essential to mitigate such attacks:

  • Get confirmation from the original source

  • If you receive an email from what appears to be a legitimate representative asking you to diversion sensitive information or articles to a new location, something is wrong. Please consult the relevant authorities before taking any action. In addition, the carrier must coordinate everything with the recipient before releasing the package.

  • The recipient also needs to request a courier ID and contact the organization to confirm that the order is the original order.

  • train employees

  • Human factors can be manipulated even when implementing advanced security measures.

  • Distraction theft is certainly a social engineering technique that can be successful when people are ignorant.

  • However, it is imperative that organizations educate their employees on the various social engineering tactics attackers use to endanger their systems and how to avoid them.

  • Physical security is important

  • Diversion theft can also occur offline, and an attacker can do it in a variety of ways. Attackers can create physical diversions to access your organization’s offices and resources. As with tailgating, protecting your organization’s physical space is important to prevent diversion theft. While the former is usually more subtle, the latter can cause mass chaos with the goal of obtaining massive amounts of data or causing more damage. With competent security in place, businesses can be much more vigilant about who enters the premises and stop such assaults before they happen.

Final Thoughts

Diversion theft is a serious issue, especially when gullibility and ignorance come into play. Both individuals and organizations can counter such attacks by staying vigilant, verifying delivery details, and securing their premises.

Most importantly, organizations should carry out proper awareness programs to educate their staff on diversion theft and its impact on business continuity. Read posts on social engineering and its types to understand different attack vectors and how to prevent them.