What is pretexting? How it works and how to prevent it

Pretexting is a type of social engineering attack in which the attacker gains a victim’s trust in order to obtain their private information. Establishing the victim’s trust is critical to the attack’s success, so the attacker will research their target and create a plausible backstory to make themselves more credible.

Unlike most phishing scams, pretexting doesn’t require the user to click a link that downloads malware or sends them to a bogus site. Instead, pretexting, much like vishing, sees the attacker masquerade as someone from a legitimate organisation to dupe victims into handing over sensitive information without hesitation.

Learn more about other types of social engineering here >>

How does pretexting work?

In pretexting scams, fraudsters build up a relationship with the victim to gain their trust.

Example:

Your organisation’s Finance Assistant receives a phone call from someone claiming to be from an existing supplier. After a series of phone calls in which the caller explains the need to verify financial information as part of a new process, the Finance Assistant provides all the details the caller requires.

In this scenario, the caller built a relationship with the victim using a backstory that was compelling enough to trick the target into handing over the information.

Spotting an illegitimate request isn’t easy, so it’s always best to check with a colleague if in doubt. No matter how convincing the story, it’s important not to give out sensitive information over the phone.

How to prevent pretexting

Every member of staff is responsible for information security in their organisation. Security best practices need to be embedded in working practices to be most effective. Regular staff awareness training can break users’ bad habits and increase their vigilance to reduce your organisation’s risk of attack.

Our course topics include phishing, phishing and ransomware and information security. View the full range here.

Get in touch with our team today to find out how we can help >>