With growing cybersecurity awareness, modern computer users know the dire consequences of clicking on fraudulent emails and malicious website links. Hence, cybercriminals now rely not only on hacking computer systems but also on manipulating people. Data suggests 98% of attackers use social engineering tactics such as pretexting to exploit human psychology and capitalize on emotions like fear and confusion. So, what is pretexting in cybersecurity? In this article, we will explore this popular scamming technique to equip cybersecurity professionals with the right knowledge and skills to protect their organizations against potential threats.
What is Pretexting in Cybersecurity?
By definition, pretexting is a type of social engineering tactic in which a perpetrator tries to persuade a victim to divulge sensitive information. In this type of attack, scammers create a story, or pretext, to establish a false sense of trust and ultimately deceive the victim. The attacker typically presents themselves as a person in a position of authority, such as a government official with the legal right to obtain the information they are after, or as a person who can use that information to assist the victim.
How Does Pretexting Work
The two social engineering elements needed to create a convincing pretext are a plausible scenario and a character.
Pretexting attackers conduct extensive research beforehand to develop a scenario that the target finds believable. To create a realistic story, they might check a target’s social media to discover everything they can—from the places their target visits to the people they meet. Additionally, attackers can hack a target’s email to recover recent purchase receipts, online subscription service details, or even banking information.
By putting all the information traces together, attackers can draw startling conclusions about the target’s personality, lifestyle, and job. This helps them to fabricate a realistic story and impersonate a believable character to gain a target’s trust and ultimately manipulate them.
Attackers skilled at pretexting create well-designed stories to deceive not only individuals but also large enterprises. In this section, we will discuss a few well-publicized examples of pretexting attacks.
The Hewlett-Packard (HP) Scandal
Americans encountered pretexting for the first time in 2006 when Hewlett-Packard's (HP) internal conflict turned into a public controversy. HP's management team hired private investigators (PIs) to determine which board members had been leaking information to the media.
The PIs impersonated board members using their Social Security numbers (that HP had provided) to trick phone companies into handing over call records. The whole scandal ended in Patricia Dunn, the chairwoman of HP, resigning in disgrace and criminal charges being filed against her.
Email Phishing Attack Imitating U.S. Department of Labor
In a 2022 social engineering attack, individuals impersonating the U.S. Department of Labor invited users to submit bids, with the aim of harvesting their Office 365 credentials. This fraud, which had been going on for months using 10 different phishing sites, is a notable example of how effective social engineering attacks have become.
What is a Pretexting Attack in Cybersecurity?
The most common pretexting attack types that individuals and organizations need to be aware of are described below:
1. Grandparent Scam
In a grandparent scam, a threat actor spends time gathering information about the target and their family members. They might check the target's social media friends list and the profiles commenting on public photos. Finally, they create a fake profile using the stolen data to pose as the grandchild and request money. The pretext story usually involves an emergency situation such as a car accident or academic problems.
2. Romance Scam
In this type of pretexting fraud, the scammer pretends to be an online love interest, winning the target's trust over a course of weeks or months. This typically culminates in the scammer asking the target for a favor, such as a large loan for an emergency, an airline ticket, or an expensive gift.
3. Whaling Attack
Such hackers either directly target high-level executives in an organization or impersonate company executives to target employees. In a whaling attack, the scammers aim for financial information about payments and transactions by using the pretext of a business deal.
4. Cryptocurrency Scam
Hackers use pretexting scams to deceive individuals interested in cryptocurrency trading by pretending to be affluent and knowledgeable investors. They persuade their targets to invest in cryptocurrencies by fabricating tall tales of financial gains. However, once these scammers receive the money, they simply disappear.
Pretexting Attack Techniques
Pretexters employ a variety of methods or techniques to win over their targets’ confidence and persuade them to divulge important information. Some of these common techniques include:
1. Vishing and Smishing
Vishing, also known as voice phishing, involves tricking a victim into divulging personal information over a phone call. Smishing, on the other hand, targets people through text messages. Older people are frequent targets of vishing attacks, which often appear to come from social security representatives seeking personal information.
2. Baiting
In a baiting attempt, an attractive promise is used to win the victim's trust and then deliver malware or steal personal data. A common scheme is to leave a flash drive bearing the company logo on corporate property in the hope that an employee will believe it is legitimate and plug it into a computer. This, in turn, introduces malware into the system.
3. Impersonation
An impersonator mimics the behavior of another character, typically someone the user trusts, such as a friend or colleague. This kind of scam involves preserving credibility while forging the phone numbers or email addresses of the impersonated institutions or individuals. One example of impersonation is SIM-swap (also called SIM-switch) fraud, which leverages flaws in two-step verification procedures to hijack target accounts.
4. Scareware
Scareware is a deception scheme that claims to have detected a virus on the computer and instructs the victim to install antivirus software for protection. Instead, the "antivirus" introduces malware used to conduct a cyberattack.
5. Phishing
Phishing attacks impersonate a person or company through email in order to steal sensitive information. Many phishing attempts are built on pretexting; for instance, an email can be sent to a high-level executive pretending to be from someone inside the company. The email usually contains a malicious attachment which, if opened, can compromise the entire system.
6. Piggybacking
Piggybacking is a technique for gaining physical access to a facility by following an authorized user into a restricted area. In such an attack, the offender lingers at a building's entrance while claiming to have misplaced their access badge, in the hope that an authorized individual will unwittingly let them into the facility.
7. Tailgating
Much like piggybacking, tailgating is an attempt to physically enter a facility. Unlike piggybacking, however, the attacker enters unnoticed by the authorized individual; the victim is completely unaware that an offender has used them to get inside. In such attacks, the intruder closely follows the authorized person and slips through a door before it fully closes.
How to Prevent Pretexting in Cybersecurity
Businesses are implementing several methods to protect employees as well as clients against pretexting.
1. Domain-Based Message Authentication, Reporting, and Conformance (DMARC)
Impersonation and email spoofing are popular methods of pretexting. Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an open email authentication protocol that lets a domain owner tell receiving mail servers how to handle messages that fail authentication, and so detects and blocks the spoofing and phishing used in email-based cyberattacks.
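DMARC only blocks spoofing when the published policy is actually enforcing. A domain owner publishes a DNS TXT record such as `v=DMARC1; p=reject; ...`; DMARC builds on SPF and DKIM, and the `p=` tag tells receivers what to do with mail that fails alignment with those checks. The added example below (not code from the original article) parses such a record and reports why it would or would not stop a spoofed message; the two records and the domain `example.com` are constructed samples, not any real organisation's DNS.

```python
"""Added example: parse a DMARC TXT record and judge whether its policy
would actually stop a spoofed message. Sample records are constructed."""
from dataclasses import dataclass, field

# Constructed sample records for a hypothetical domain "example.com".
# The weak record is the typical first deployment: it only monitors.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
HARDENED_RECORD = ("v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; pct=100; "
                   "rua=mailto:dmarc-reports@example.com; "
                   "ruf=mailto:dmarc-forensics@example.com")


@dataclass
class DmarcAssessment:
    valid: bool            # record is syntactically usable
    policy: str            # the p= value
    enforcing: bool        # failing mail is quarantined/rejected for the whole domain
    findings: list = field(default_factory=list)


def parse_dmarc(record):
    """Split 'tag=value; tag=value' into a dict (tag names are case-insensitive)."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record):
    """Return a DmarcAssessment explaining where the record leaves spoofing possible."""
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v") != "DMARC1":
        return DmarcAssessment(False, "", False, ["record must begin with v=DMARC1"])
    policy = tags.get("p", "")
    if policy not in ("none", "quarantine", "reject"):
        return DmarcAssessment(False, policy, False,
                               ["p= must be none, quarantine or reject"])
    if policy == "none":
        findings.append("p=none only monitors: spoofed mail is still delivered")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
        findings.append("pct= is not a number; receivers may ignore the record")
    if 0 < pct < 100:
        findings.append(f"pct={pct}: only {pct}% of failing mail gets the policy applied")
    # Subdomain policy defaults to the domain policy when sp= is absent.
    sp = tags.get("sp", policy)
    if sp == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected against spoofing")
    for tag in ("adkim", "aspf"):
        if tags.get(tag, "r") == "r":
            findings.append(f"{tag}=r (relaxed, the default): any subdomain of the "
                            f"sending domain aligns; consider 's' for a strict match")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so no visibility "
                        "of spoofing attempts")
    enforcing = policy in ("quarantine", "reject") and pct == 100 and sp != "none"
    return DmarcAssessment(True, policy, enforcing, findings)


if __name__ == "__main__":
    for label, rec in (("weak", WEAK_RECORD), ("hardened", HARDENED_RECORD)):
        result = assess_dmarc(rec)
        print(f"{label}: policy={result.policy} enforcing={result.enforcing}")
        for line in result.findings:
            print("  -", line)
```

To check a live domain, fetch the TXT record at `_dmarc.<domain>` with your DNS resolver of choice and pass the string to `assess_dmarc`; a `p=none` result means the domain's name can still be spoofed in the From header even though reports are being collected.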
2. AI-Powered Email Analysis
Artificial Intelligence (AI) is used in next-generation anti-phishing technology to analyze user behavior and spot signs of pretexting. Additionally, it can detect irregularities in email addresses and email traffic, such as cousin domains and display name spoofing. A component of AI called Natural Language Processing (NLP) analyzes language and can identify words and phrases used in phishing and pretexting.
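Two of the irregularities named above, display name spoofing and cousin domains, can be caught with plain header analysis before any machine learning is involved. The added example below (not code from the original article or from any product) inspects an email's From header against a constructed organisation: `example.com`, its one known executive, and the confusable-character table are all assumptions made up for the demonstration.

```python
"""Added example: flag display-name spoofing and cousin (look-alike) domains
in an email From: header. Organisation, people and messages are constructed."""
from email.utils import parseaddr

# Constructed: the organisation's own domain and senior staff whose names
# are worth impersonating in a whaling-style pretext.
OUR_DOMAIN = "example.com"
KNOWN_PEOPLE = {"jane doe": "jane.doe@example.com"}
# Character substitutions commonly used to build a cousin domain. The "rn"->"m"
# rule can also fold legitimate domains, so treat hits as leads, not verdicts.
CONFUSABLES = {"0": "o", "1": "l", "rn": "m", "vv": "w"}


def normalize_domain(domain):
    """Fold confusable characters so 'examp1e.com' compares equal to 'example.com'."""
    folded = domain.lower()
    for fake, real in CONFUSABLES.items():
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a, b):
    """Levenshtein distance; a small distance between two different domains
    (e.g. a transposed letter) is the hallmark of a cousin domain."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(domain):
    """Naive 'last two labels' rule; sufficient for the sample domains here."""
    return ".".join(domain.split(".")[-2:])


def analyze_from_header(from_header):
    """Return a list of human-readable findings; an empty list means nothing odd."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ["unparseable From address"]
    findings = []
    domain = addr.rsplit("@", 1)[1].lower()
    reg = registrable_domain(domain)
    if reg != OUR_DOMAIN:
        folded = normalize_domain(reg)
        if folded == OUR_DOMAIN or edit_distance(folded, OUR_DOMAIN) <= 2:
            findings.append(f"cousin domain: {reg} resembles {OUR_DOMAIN}")
    # Display-name spoofing: the friendly name is a known person but the
    # actual address is not theirs (mail clients often show only the name).
    name_key = display.strip().lower()
    if name_key in KNOWN_PEOPLE and addr.lower() != KNOWN_PEOPLE[name_key]:
        findings.append(f"display-name spoofing: '{display}' but address is {addr}")
    return findings


# Constructed sample headers, from benign to clearly suspicious.
SAMPLE_HEADERS = [
    "Jane Doe <jane.doe@example.com>",
    "Jane Doe <jane.doe.ceo@gmail.com>",
    "Accounts Payable <ap@examp1e.com>",
    "Jane Doe <jane.doe@exarnple.com>",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header, "->", analyze_from_header(header) or "ok")
```

In a real mail pipeline the same checks would run on the `Reply-To` header too, since a pretexter who cannot spoof the From domain (DMARC at `p=reject`) often sets a look-alike reply address instead.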
3. Educate and Empower Users
Unfortunately, the weakest link in any organization's cybersecurity system is its people. According to Verizon's 2021 Data Breach Investigation Report, 85% of data breaches involve a human element. Therefore, educating users by sharing real-life pretexting incidents, training them to identify email spoofing, and establishing rules for financial transactions (including validating requests in person or over the phone through a separately known number) is an effective way to protect users against pretexting attacks.
Prevent Pretexting with Emeritus
Scammers are creative, and pretexting is just one of the many social engineering tactics used for stealing sensitive information. Therefore, it is essential to understand common scamming techniques and be aware of the detection methods for protecting oneself from becoming a victim.
Emeritus’ online cybersecurity courses offered in association with the world’s top universities deliver knowledge and training on key security concepts and methods needed for organizations to stay on top of possible cyberattacks. Enroll in our courses today to upgrade your cybersecurity awareness and skills and gain an edge over scammers!
By Rupam Deb