Pretexting is a form of social engineering in which an attacker creates a believable story to gain someone’s trust and steal valuable information from them. This information can include login credentials, money, or further details about a person or business. Attackers craft realistic stories, or pretexts, to gain trust or seem reasonable in their requests.

Social engineering is any method of manipulating someone to gain information, access a physical or digital location, or benefit financially from them. Pretexting is one of the more believable types of social engineering because it typically targets a specific individual or group of people. It is more likely than other forms of social engineering to go unnoticed by victims because the attackers have done specific research about them.

Characteristics of pretexting

  • Urgent/rushed requests, especially appearing to be from company executives, asking for money or other information while they are too busy or preoccupied. Pressure isn’t typically as strong in pretexting attacks, because the attacker aims to have a good story and foster trust with the victim, but they may still apply a sense of urgency by pretending to be a trusted source.
  • Strange email domain names, especially ones that look similar to coworkers’ but are a little bit different. Pretexters try to make their schemes as believable as possible.
  • Requests for personal information, such as account login credentials or even Social Security numbers. Pretexters will try to make their request sound sensible, perhaps by describing an account that the user actually has and trying to help them fix a false problem.

How to identify and avoid pretexting attacks

  • Contact the initial source directly, rather than the person sending or requesting information or money. If someone claiming to be from a company contacts your business, requesting entry to the building or access to technology, calling or emailing that company directly will allow you to verify the service or request.
  • Use additional caution when interacting with individuals outside of your business who claim to be providing a service (coming into the building to fix an issue) or requesting that you reset a password for an account. This might include instructing every person who comes on premises to provide photo ID or asking if you can call back later to reset the account password. Often creating another step in the process and strictly enforcing it will cause a pretexter to give up.
  • Employ artificial intelligence in company email platforms. AI may not catch every suspicious email, but it can be trained to notice strange domains and commonly used phishing phrases through natural language processing. These messages can then be quarantined, and the recipient can be required to go through additional authentication steps to verify the email’s validity.
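
The lookalike-domain and urgency cues described above can be checked mechanically before a message reaches the inbox. The following Python is an added example, not part of the original article; it uses a plain edit-distance heuristic rather than a trained model, and the trusted domains, phrase list, and function names are assumptions.

```python
import re
from email.utils import parseaddr

# Assumptions for this example: your organization's real mail domains.
TRUSTED_DOMAINS = {"example.com", "example-partner.com"}
MAX_EDITS = 2  # tune down for short domains to limit false positives
# Constructed phrase list; a production filter would use a trained model.
URGENCY = re.compile(
    r"\b(urgent|immediately|right away|wire transfer|gift cards?|"
    r"reset (?:your|my|the) password)\b", re.I)
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def fold(domain):
    """Collapse common visual substitutions (1 for l, rn for m, ...)."""
    return domain.translate(DIGIT_SWAPS).replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def sender_domain(from_header):
    """Extract the lower-cased domain from a From: header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")

def lookalike_of(domain):
    """Return the trusted domain that `domain` resembles, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(fold(domain), fold(trusted)) <= MAX_EDITS:
            return trusted
    return None

def triage(from_header, subject, body):
    """Return (action, reasons): quarantine, flag, or deliver."""
    domain, reasons = sender_domain(from_header), []
    imitated = lookalike_of(domain)
    if imitated:
        reasons.append(f"sender domain {domain} resembles {imitated}")
    if URGENCY.search(f"{subject} {body}"):
        reasons.append("urgent or credential/payment wording")
    action = "quarantine" if imitated else "flag" if reasons else "deliver"
    return action, reasons
```

A message that imitates a trusted domain is quarantined for the additional verification step; urgent wording from an unrelated sender is only flagged for the recipient's attention.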


Jenna Phipps
Jenna Phipps is a writer for, Enterprise Storage Forum, and CIO Insight. She covers data storage systems and data management, information technology security, and enterprise software solutions.