Pretexting

What Is Pretexting?

Pretexting is a social engineering tactic used by threat actors to gain trust, data, or access to accounts using a fabricated story, or pretext. Threat actors will often assume the role of a person in authority, or a person the victim knows, to lend their story legitimacy.

How Does Pretexting Work?

Pretexting takes skill. And not the typical coding skills you might think of when you hear “cybercriminal.” Pretexting is about inhabiting a character and lying so convincingly that a victim gives up whatever the threat actor is asking for freely.

The key component of a pretexting attack is the conversation the threat actor has with the victim. During this conversation, the attacker will try to gather sensitive information through a series of lies.

This type of social engineering is often effective because the social engineer will have crafted a convincing story; done research on you, your role, and your organisation; and will know what they’re going to say, the questions they will ask you, and how to answer and react to any of your questions — all in a way that maintains their credibility. By manipulating emotions and creating a sense of urgency they get you to silence the critical part of your brain and act fast before you can catch on to their ruse.

Major Types of Pretexting Attacks

Pretexting attacks can take place online, over email, on the phone, through text messages, or even in person. Here are a few of the most common attack vectors in which pretexting is conducted:

Phishing

Phishing involves fraudulent communication with the intent of stealing sensitive data (such as login credentials or credit card information), deploying malware into a computer system, committing financial fraud, or practically any other nefarious endeavor you might imagine.

From its origins at the start of the new millennium to today, phishing has turned our email inboxes into a danger zone. Simply opening an email and clicking on a link can have dire consequences.

Due to the prevalence of phishing, every business, regardless of its size or industry, is at risk. And since this type of attack relies on human error and has a high degree of success, phishing will remain a favorite tool of threat actors for the foreseeable future.

Scareware

Scareware attacks use pop-up ads to frighten a user into thinking their system is infected with a computer virus, and that they need to purchase the offered anti-virus software to protect themselves. Instead, the software itself is malicious, infecting the user’s system with the very viruses they were trying to prevent.

Baiting

Baiting uses a false promise — an online ad for a free game or deeply discounted software, or even a thumb drive mailed to you or left on the ground in the company parking lot — to trick the victim into revealing sensitive personal and financial information, or to get them to click on a malicious link or open a malicious file to infect their system with malware or ransomware.

Vishing

Also known as voice phishing, vishing employs the telephone or VoIP (voice over internet protocol) technology. This type of attack is most commonly used against the elderly. Attackers may, for instance, claim to be a family member who needs an immediate money transfer to get themselves out of trouble. They might also pose as a charity, especially after a natural disaster, to solicit money.

Tailgating

Tailgating is an attempt to gain unauthorised physical access to secure spaces on company premises through coercion or deception. Organisations should be particularly sensitive to the possibility of recently terminated employees returning to the office using a key card that is still active, for example.

Most Common Pretexting Techniques

Social engineers have, over time, developed, practiced, and perfected several pretexting techniques that they employ in specific situations, against specific targets.

Impersonation

This is the most common pretexting technique. In it, the threat actor does extensive research, pulling as much information as possible from publicly available resources and records such as social media and company reports and filings. Then the threat actor assumes a role.

Most often it’s a person in a position of power in your company. It could be your “CEO” asking you to purchase ten $100 gift cards. It could be a “third-party vendor” advising you to send payments to this new address. It could even be your “nephew,” whose car has broken down and needs money wired ASAP. Whatever the lie, social engineers count on their research, their skill, and your emotional response to an emergency to get you to take the action they want.

Impersonation is common in business email compromise (BEC) attacks, which often begin with pretexting.

Romance

It’s like catfishing, but more costly. In a romance pretext, the threat actor tricks you into believing they’re an attractive, available, potential partner, and that they have fallen for you. By leveraging the good feelings and trust this emotional state puts victims in, they then convince the love-struck target to send money, data, or credentials.

Cryptocurrency

A relatively new pretext technique, this is the modern equivalent of the “Nigerian Prince” scam. If you’ve had email in the past three decades, you’re no doubt familiar with that particular phishing email, where a deposed Nigerian prince (or other person of means, royalty, or fame) needs your help moving a fortune out of their country.

If you agree to help, they promise to pay you a portion of the funds. But there is no prince, there is no fortune, and it’s all a scam designed to access your bank accounts and drain them.

The cryptocurrency pretext is largely the same scam, though reskinned in more modern get-rich-quick clothing. Here the threat actor promises an “incredible investment opportunity” in the emerging market of cryptocurrency, something few truly understand but nearly all are aware of.

Leveraging the power of the stories that have been circulating about how some of those who got in early have turned small investments into small fortunes, threat actors in this pretext promise that same sizable return. As soon as you send the money, the threat actor vanishes with it.

Preventing Pretext Attacks

Social engineers find success with pretexting because they know that employees are often overworked and under-trained. The key to stopping these attacks in their tracks is a robust security awareness training program, one that empowers employees to recognise and neutralise social engineering attacks like the ones above.

Arctic Wolf Managed Security Awareness® delivers high-quality, updated content to employees in small, manageable chunks at a greater frequency, improving reaction time, boosting engagement and increasing retention by up to 200%.

Arctic Wolf

Arctic Wolf provides your team with 24x7 coverage, security operations expertise, and strategically tailored security recommendations to continuously improve your overall posture.

© 2024 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Customer Portal Policy	Accessibility Statement	Sustainability Statement	Information Security	Cookies Settings

SOLUTIONS

INDUSTRIES

Quickly detect, respond, and recover from advanced threats.

Detect and respond to advanced threats targeting your cloud infrastructure and applications.

Discover, assess, and harden your environment against digital risks.

Explore, harden, and simplify your cloud environment against misconfiguration vulnerabilities.

Engage and prepare employees to recognise and neutralise social engineering attacks.

Recover quickly from cyber attacks and breaches, from threat containment to business restoration.

HOW IT WORKS

Delivering security operations outcomes.

Collect, enrich, analyse.

Ecosystem integrations and technology partnerships.

Tailored security expertise and guided risk mitigation.

Security experts proactively protecting you 24×7.

Meet some of the security experts working alongside you and your team.

TRENDING RESOURCES

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

Oracle Red Bull Racing trusts Arctic Wolf to secure its expansive IT environment and the mission-critical proprietary data it contains.

The elite security researchers, data scientists, and security developers of Arctic Wolf Labs share forward-thinking insights along with practical guidance you can apply to protect your organisation.

SECURITY BULLETINS

CVE-2024-20353 and CVE-2024-20359: Cisco ASA and FTD Vulnerabilities Exploited by State-Sponsored Threat Actor in Espionage Campaign “ArcaneDoor”

Cisco Duo Third-Party Compromise

Critical Authentication Bypass Vulnerability in Delinea Secret Server Disclosed Along With PoC

COMPANY