Pretexting

Pretexting is a form of social engineering in which an attacker creates a believable story to gain someone’s trust and steal valuable information from them. This information can include login credentials, money, or further details about a person or business. Attackers craft realistic stories, or pretexts, to gain trust or seem reasonable in their requests.

Social engineering is any method of manipulating someone to gain information, access a physical or digital location, or benefit financially from them. Pretexting is one of the more believable types of social engineering because it typically targets a specific individual or group of people. Pretexting is more likely to go unnoticed by victims than other forms of social engineering because the attackers have done specific research about their victims.

Characteristics of pretexting

  • Urgent/rushed requests, especially appearing to be from company executives, asking for money or other information while they are too busy or preoccupied. Pressure isn’t typically as strong in pretexting attacks, because the attacker aims to have a good story and foster trust with the victim, but they may still apply a sense of urgency by pretending to be a trusted source.
  • Strange email domain names, especially ones that look similar to coworkers’ but are a little bit different. Pretexters try to make their schemes as believable as possible.
  • Requests for personal information, such as account login credentials or even Social Security numbers. Pretexters will try to make their request sound sensible, perhaps by describing an account that the user actually has and trying to help them fix a false problem.

How to identify and avoid pretexting attacks

  • Contact the initial source directly, rather than the person sending or requesting information or money. If someone claiming to be from a company contacts your business, requesting entry to the building or access to technology, calling or emailing that company directly will allow you to verify the service or request.
  • Use additional caution when interacting with individuals outside of your business who claim to be providing a service (coming into the building to fix an issue) or requesting that you reset a password for an account. This might include instructing every person who comes on premises to provide photo ID or asking if you can call back later to reset the account password. Often creating another step in the process and strictly enforcing it will cause a pretexter to give up.
  • Employ artificial intelligence in company email platforms. AI may not catch every suspicious email, but it can be trained to notice strange domains and commonly used phishing phrases through natural language processing. These messages can then be quarantined, and the recipient can be required to go through additional authentication steps to verify the email’s validity.
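
The "strange domain" and "commonly used phrases" checks described above can be sketched as a simple rule-based filter. This is an added example, not code from the original article, and it uses plain string matching rather than a trained model; the trusted domains, phrase list, character substitutions and edit threshold are all assumed sample values.

```python
# Constructed sample values: the organisation's own domains and pressure phrases.
TRUSTED_DOMAINS = {"example.com", "example-corp.com"}
PRESSURE_PHRASES = ("urgent", "wire transfer", "reset your password", "gift cards")
# Characters commonly substituted to imitate another one (assumed list).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
MAX_EDITS = 2  # assumed threshold; short domains may need a lower value


def fold(domain: str) -> str:
    """Map visually confusable characters onto one canonical form."""
    return domain.translate(CONFUSABLES).replace("rn", "m")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in TRUSTED_DOMAINS:
        return None
    for trusted in sorted(TRUSTED_DOMAINS):
        if fold(domain) == fold(trusted) or edit_distance(domain, trusted) <= MAX_EDITS:
            return trusted
    return None


def triage(sender: str, body: str) -> dict:
    """Flag a message for quarantine or review, with the reasons."""
    domain = sender.rsplit("@", 1)[-1].lower()
    imitated = lookalike_of(domain)
    hits = [p for p in PRESSURE_PHRASES if p in body.lower()]
    reasons = []
    if imitated:
        reasons.append(f"sender domain {domain} resembles {imitated}")
    if hits and domain not in TRUSTED_DOMAINS:
        reasons.append("external sender uses pressure phrases: " + ", ".join(hits))
    return {"quarantine": imitated is not None, "review": bool(reasons), "reasons": reasons}
```

A message from a genuinely trusted domain is never flagged by this filter, so it does not replace verifying an unusual request through a separate channel.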

 

Jenna Phipps
Jenna Phipps is a contributor for websites such as Webopedia.com and Enterprise Storage Forum. She writes about information technology security, networking, and data storage. Jenna lives in Nashville, TN.
