What is Pretexting? Definition and Examples

  • By Greg Brown
  • Oct 14, 2022

pretexting definition

Malicious code is now so prevalent that broad categorizing must be applied; for the ability to drill down to specific attack types. Social engineering is a broad range of predatory activities best used through human interaction. Cybercriminals trick their users into believing some made-up scam and then try to lure sensitive information from the user.

Common Social Engineering Attacks:

  • Phishing
  • Baiting
  • Business email compromise
  • Spear Phishing
  • Pretexting

Social engineering is used nearly 98% of the time with all attacks, accounting for a $6.9b loss. Pretexting occurs when someone misuses their actual job function or creates a fake persona. Trust is inferred by luring the user to hand over sensitive personal info.

Edward Snowden is the classic case of social engineering. The former NSA employee infamously convinced his co-workers to send him their passwords and logins. About two dozen employees sent in their login information without question. Files stolen by Snowden were used in the national security threat and news press leak.

No matter how strong your password or overall security credentials are, there are always vulnerabilities. Online financial institutions, subscription services, and secure email have recently elevated fraud awareness. Sophisticated hackers no longer go after hardware; instead, they attack the human loophole. 

Manipulation

Cybercriminals are finding plenty of roadblocks to online accounts. Predators are hacking "you" through impostor fraud and phishing attacks to find easy access.

Pretexting and social engineering have the same definition; manipulate an individual into revealing sensitive information. Pretexting is an attack, creating a scenario that will cause the victim to give up sensitive personal information, such as a password.

Pretext Example:

An employee picks up the phone one afternoon, and their CEO is on the other end of the line. The attacker, posing as the person in power, asks the victim, would they be available for a unique project the company is setting up? The attacker’s goal is to establish a rapport quickly with the victim.

Assuming the victim responds positively, the fake CEO says an email is on its way, and they should respond with vital information as soon as possible. The attacker’s job is to convince the victim that the scenario is authentic and collect the information. 

The crucial part of the above scenario; is its creation aimed at the victim, representing the Pretext. A good pretexting attack sets a plausible foundation or scene for the victim. A good pretext attack is comprised of two significant elements.

  1. Convincing situation: the Pretext is a sequence of believable events, developed by the social engineer, designed to manipulate the target and extract information. High-level attackers do their homework by adequately researching the target and laying the foundation.
  2. Characters: The attacker plays a role and is almost like a fictitious character. The scam involves a creditor calling to get updated bank information, saying funds are insufficient in the account. 

Footprinting the target or reconnaissance helps the attacker better understand the security footing. Many search engines, companies, and member organizations publish member rolls, employee names, email addresses, and much more.

Phishing attacks are assumed to be short-term events; however, some phishing attacks can last for months and even years. In the long term, attackers try to establish a relationship with specific individuals and specific goals. Attackers find greater success by building relationships with their target.

Social Engineering

There are many similar attacks closely associated with pretexting. Each of these attacks has one common element in each of their scams: the unsuspecting victim. Well-organized attack groups buy large blocks of names, numbers, addresses, and other information to start their scams. Knowing there are plenty of vulnerable systems and individuals.

Common Attack Types:

  • Quid Pro Quo, The attacker’s goal; pretending to be from the IT or your ISP department, offering to speed up your internet or ask if you would like a free trial. Fake accounts are created in the victim’s name, and the login credentials are sold on the dark web. 
  • Baiting is a technique where the scam is to lure the victim in by providing fake and sensitive information to the victim for the promise of something valuable in return. Attackers create fake pop-up ads giving away free games or music; the ad is clicked, and the system is infected with malware.
  • Smishing is one of the newest forms of attack with its own name. Smishing involves the same parameters as a phishing attack but in SMS form. Small form factor devices like smartphones and smartwatches are incredibly vulnerable to backdoor attacks into the main system files. Predators purchase files containing thousands of victim data points and blast their messages.
  • Whaling is another term describing an attack on a high-profile celebrity, government official, or executive. Compromising photos are used on celebrity victims, while confidential information is used in other attacks. Once the victim is convinced, they click on a link, and the malware is already past most firewalls. 

Psychological Manipulation

With this technique, they manipulate other people by using their emotions, such as insecurity, and using passive/aggressive tactics to confuse and disorient the victim. With their emotional victim in hand, they ask for every piece of sensitive information this person may have. 

The answer to manipulation techniques; is always to be skeptical of the people and organizations you meet online. Do they have your best interests at heart? Usually not.

Everyone’s guilty of manipulation at some point in their lives. Most of these events are minor or of no importance. However, we should always watch for others to take advantage. Not to say ignore others, just be cautious.

Knowing What to Expect from an Attack Helps Keep You Safe

Pretexting and other malicious social engineering strategies have thousands of variants and mutations. The total number of vicious strains, malicious code, and malware, is almost incalculable, and more appear daily. It is up to that person sitting at the workstation or in front of the laptop to take a cautious security footing when they are on the internet. 

Attackers found easy pickings when they decided to hack the person rather than the machine.

About the Author
IDStrong Logo

Related Articles

How To Make Your IG Account Private

There are occasions when it makes more sense to have a private ig account. You might want to block ... Read More

Windows 10 Privacy Settings You Should Change Now

Privacy is a buzzword we hear a lot these days in the wake of data breaches, Wikileaks, and other ... Read More

How to Delete Your Facebook Account

It might seem absurd to some people who live on Facebook, deleting your Facebook account. But, man ... Read More

How to Change Network From Pubic to Private On Windows

Privacy has become a major concern for many of us after reading about all the data breaches, hacki ... Read More

Twitter Security and Privacy Settings Made Simple

With data breaches and ransomware intrusions in the news daily, privacy is the word on everyone’ ... Read More

Latest Articles

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Data Breach of Healthcare Management Solutions, LLC Affects Half-a-Million People

Healthcare Management Solutions, known as a healthcare-related consulting company from West Virgini, has over 100 employees and brings in nearly $20M annually.

How to Remove Hard Inquiries from a Credit Report

How to Remove Hard Inquiries from a Credit Report

A credit score is an invisible number, yet it often feels like it controls our lives. It determines what we can buy and how much we'll have to pay.

What is Endpoint Security, and Why is it Important?

What is Endpoint Security, and Why is it Important?

Businesses can make every effort to beef up corporate network security, but those improvements mean very little if criminals choose to break into an already connected device.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address
Close