Social engineering attack
What is pretexting in cybersecurity: Working, Examples and Prevention
What is pretexting?
The literal meaning of “pretexting” is “to make a fake story.”. Terminology defines pretexting as a tactic that involves creating a fake but believable story to gain the victims’ trust and obtain their sensitive information.
What is pretexting in cyber security
In the field of cybersecurity, pretexting is one of the most common types of social engineering attacks in which a fake but convincing scenario (or “pretext”) is created for trust-building in front of potential targets to gain their sensitive information easily. Pretexting plays a vital role in initiating many social engineering attacks and works as a basic component of several types of social engineering techniques, mentioned below:
- Phishing — Email Phishing
- Vishing — Voice Phishing
- Smishing — text messages
- Baiting — Baiting attacks
- Tailgating — Piggybacking
Pretexting scams involve attackers gathering publicly available information such as names, addresses, and friend lists of potential targets. After getting knowledge about such information, scammers may get more trusted interaction with their targets using their names, addresses, or any close friend’s name in the fake story (or “pretext”). This enhances the effectiveness of pretexting scams and simplifies the process of grabbing targets.
Pretexting scams involve creating a sense of urgency or fear to obtain the victim’s sensitive information, such as credit card numbers, social account numbers, and login details.
How Pretexting Scams Work
According to the book “Social Engineering Penetration Testing,” the pretext includes two key portions, which are “Character” and “Situation,” respectively.
- Character—Role played by Scammers
- Situation—The fake story
This structure of pretexts can be helpful in easily understanding the working pathway of pretexting scams. Typically, the workings of pretexting are similar to other social engineering techniques like vishing and smishing. However, the steps involved in the working of pretexting attacks are:
Target Searching
During the initial stage of pretexting scams, scammers gather personal information, such as the names and addresses of potential victims, through social media accounts, company websites, or other publicly available sources. This step proves helpful in developing a more convincing situation.
Creating a situation
Attackers use gathered information to create a fake story, making it more believable and convincing. Attackers include the names or addresses of victims in the pretext to make it more related to the real lives of victims. Such situations seem to come from a known person or organization like a coworker, IT staff member, or law enforcement officer.
Trust Building
After planning the situation, the scammers attempt to reach out to their chosen victims through phishing emails, text messages, voice messages, or face-to-face interactions to build trust. The attackers create a sense of fear or sympathy for the victims and ensure that they can solve the issue easily, which makes the attackers more trustworthy.
Data Collection
Once the trust has developed, the attackers request the victims to provide their sensitive information, such as personal identification numbers (PINs), credit card accounts, and other login details. Once they have obtained the data, they secure it for further malicious activities and depart without leaving any clear signs.
Examples of Pretexting Scams
Pretexting plays a vital role in a variety of cybercrimes and financial attacks, making it a key component of almost all types of social engineering techniques. Here are some common examples of pretexting attacks that are widely recognized globally.
Account update scams
The attackers contact the victims, revealing themselves as agents of any well-known bank. They request the victims to provide information about their (victims) account numbers to update the account.
Tech Support Scams
The victims receive a fake notification from scammers who pretend to be tech support agents from well-known companies such as Microsoft and Apple. Attackers inform victims that their devices have downloaded harmful software and guide them to provide sensitive information for solving the technical issue.
Grandparent Scams
The attackers usually target aged persons by contacting them as their grandsons or any other family members. The scammers tell them a fake story and show a situation of emergency, such as a car accident or legal issue, and then demand a handsome amount to pay for medical bills or bail.
Romance Scams
The scammers create fake profiles on social media platforms to build relationships with their selected target. As victims fall into imaginary love and get affection, scammers may ask for gifts, money, or even other sensitive information.
Job Offer Scams
The attackers target jobless persons by offering them potential jobs and providing attractive salaries. The attackers usually ask the candidate to fill out the provided files with required information that may involve financial details or other sensitive information, like social account numbers or passwords.
Some Real-life Examples of Pretexting Scams
- Hewlett-Packard pretexting scandal (2006): Hewlett-Packard (HP) organized an investigation team, pretending to be the company’s board members to obtain their phone records via pretexting, which resulted in a major corporate scandal and legal penalty for the company.
- Ubiquiti Networks Scam (2015): The attackers pretended to be the directors of Ubiquiti Networks and requested the employees to send a large amount of money to the attacker’s accounts, which resulted in a huge financial loss of about 46.7 million dollars.
- Quanta Computer Fraud (2013-2015): The attackers used pretexting techniques to contact tech companies like Facebook and Google, pretending to be representatives of Quanta Computer to provide tech support, and gained a huge amount of about 100 million dollars.
How to Protect Against the Pretexting Scams
Some effective techniques that prove helpful in protecting against pretext attacks are:
- Security Awareness Training: The most effective method to avoid pretexting attacks is security awareness training of company staff. Every employee must be educated on what is pretexting, how it works, and techniques to avoid such cyber attacks.
- Focus on Security Practice: Use Two-Factor Authentication (2FA). Because 2FA requires you to enter your confirmation code or password again, it’s the best security practice to protect any individual or company from cyber attacks like pretexting.
- Install Antivirus and Security Software: Install the antivirus and security software on your devices that protect your devices from downloading any malicious software and block the cyberattacks associated with pretexting.
Law and Pretexting
Gramm-Leach-Bliley Act (1999)— This act criminalizes the financial institutions that obtain the customer’s information via pretext.
Telephone Records and Privacy Protection Act (2006)—This law opposes the use of pretexting to collect users’ call records or other information without authorization.
Federal Trade Commission (FTC) Regulations—This act bans the enacting of government agencies or business firms.
Read More
What might be a Phishing Message?
What Happens if You Click on a Phishing Link? Risks and Results Explained
What is Smishing and Phishing examples?
Vishing Attack: How to Recognize and Prevent Voice Phishing Scams
What is pretexting in cybersecurity: Working, Examples and Prevention
How to Choose the Best eCommerce Development Company for Your Business Growth
How to Prevent Smishing?
What is Smishing and Phishing examples?
What is Smishing in Cyber security?
Top 10 Web Development Companies In USA
Smishing Scams: How it Works, Examples, and Prevention
USPS Warns of Smishing Scams During the Holidays
What Challenges do Organizations Face in Implementing Business Analytics and Decisioning Solutions
Scammers Target Toll Road Drivers with Smishing Scam Via Text Messages
How Blockchain Is Driving A Revolution In The Gaming Industry
Is It Possible That Coding Will Be Relevant in 2025?
iOS App Development Company: Your Door to Latest Tools for App Development
Unleashing Agility and Efficiency: Exploring the Synergy between Cloud and DevOps
Why Should Companies Outsource Cyber Security Functions?
AI-Driven Transformations How Deepfakes Will Reshape Marketing in 2024
How to Choose the Right VPS Hosting in Germany for Forex Trading
Empowering Your Digital Strategy With Chatbots
How Do You Develop an Admin Panel for the Delivery Everything App?
What is Spear Phishing and How You Can Identify This Scam?
-
Cybersecurity10 months agoiOS App Development Company: Your Door to Latest Tools for App Development
-
Cybersecurity10 months agoWhy Should Companies Outsource Cyber Security Functions?
-
Deepfake attack9 months agoAI-Driven Transformations How Deepfakes Will Reshape Marketing in 2024
-
Cloud Computing & IT Services9 months agoHow to Choose the Right VPS Hosting in Germany for Forex Trading
-
Emerging Technologies9 months agoEmpowering Your Digital Strategy With Chatbots
-
Fintech9 months agoHow Do You Develop an Admin Panel for the Delivery Everything App?
-
Phishing attack1 month agoWhat is Spear Phishing and How You Can Identify This Scam?
-
Social engineering attack3 months agoBaiting Attacks Explained: A Closer Look at Cyber Threat Tactics