Pretexting

What is pretexting?

Pretexting is a social engineering tactic where attackers create a fabricated scenario or impersonate a trusted figure to manipulate victims into revealing sensitive information, granting access or performing unauthorized actions. It can occur via phone (vishing), email (phishing), SMS (smishing), or in person.

Pretexting is a significant threat to individuals and organizations because it exploits human trust and manipulates victims. These attacks can result in substantial financial losses, severe data breaches, and significant reputational damage.

How does pretexting work?

A pretexting attack typically follows a structured sequence of steps designed to build trust and exploit human behavior.

1. Information gathering

The attacker collects background information about the target, such as their job role, organization, reporting structure, and systems they use. This information is gathered from publicly available sources including company websites, social media profiles, professional networking platforms, online directories, previous data breaches, and Open Source Intelligence (OSINT) tools.

2. Contacting the victim

Using the collected information, the attacker initiates contact with the victim. Communication may occur through one or more channels, such as phone calls, SMS, emails, or even in-person interactions, sometimes within the same attack to reinforce credibility.

3. Gaining trust

The attacker fabricates a convincing scenario tailored to the target and impersonates a legitimate authority or trusted contact. Common impersonated roles include IT support staff, HR representatives, bank officials, vendors, or government agents. The goal is to establish legitimacy and confidence.

4. Requesting information

Once trust is established, the attacker requests sensitive information or actions. This is often framed as necessary to resolve an issue, provide assistance, or prevent a problem. The attacker may also create a sense of urgency, fear, or authority to pressure the victim into complying.

5. Exploitation

After the victim shares confidential data or performs the requested action, the attacker exploits the information to carry out further attacks, such as identity theft, financial fraud, or unauthorized system access. Often, attackers also take steps to conceal their activity and avoid detection.