At Cyber
What is Pretexting in Cyber Security?

Cyber security is an ongoing battle, and scammers are constantly innovating and tweaking their methods and tactics to scam people out of their money and information. One of the most common forms of scamming in cyber security comes in the form of pretexting.

It’s especially insidious, as pretexting relies on trust, ignorance and sometimes even fear to work. But what exactly is pretexting, and what can be done about it?

In this overview, we will be taking a look at the basics of pretexting, how you can detect it, and how you can protect yourself against it. By the end, you will have a better idea of what it all entails and will be able to be on the lookout for any pretexting attempts.

Key Takeaways

  • Pretexting is where someone will impersonate a trusted person or party in order to gain information or to get someone to do something.
  • An example of pretexting could be someone pretending to be an employee of a company or institution that the victim could realistically be in contact with.
  • Pretexting is considered fraud in many cases and has been specifically branded as an illegal act.
  • You can protect yourself against pretexting by being extra vigilant and always checking that you’re talking to someone legitimate before giving out info.

What is Pretexting?

Pretexting is an act that has the perfect name, as it succinctly describes exactly what it entails. Basically, it involves someone using a ruse or pretext to trick a victim into surrendering information or access.

That is a very basic simplification of the process, and it can come in many forms, but it is the basic principle. Pretexting is something that you can hear about and assume you would never fall for, but it can be very easy to become the victim of a pretexting attack.

As we move throughout this article, we will look at some of the different types of pretexting and how they relate to the law.

What is an Example of Pretexting?

Pretexting can come in many forms, but it can often come in the form of someone impersonating an authority figure or even someone who the victim would trust. This could be done in many ways, and it could be very convincing.

For example, if you work for a large company then a scammer may see that and use it to their advantage. They could send an official-looking email that appears as if it’s from a higher-up at the company and then request login information.

If you don’t look that closely, you may comply with what looks like a request from someone in charge of you and send the information.

Scammers can use various tactics to make it look like they are contacting you via the phone of a friend or a family member, thus getting you to lower your guard and divulge information. These are very simple examples that don’t take many of the nuances of pretexting into account, but they serve as an idea of the forms it can take on a basic level.

Pretexting can often be associated with identity theft as well. We have previously looked at what identity theft is in another article, so that’s well worth reading for more information on the subject.

Pretexting Techniques

Pretexting techniques can be quite varied, but they will often take place over a phone call. The scammer is hoping to create a sense of urgency and in some cases even scare the victim into releasing information or access.

For example, they could be masquerading as a member of a company’s legal department and may make you think you will be facing litigation unless you provide certain information.

It can be accomplished through some other well-known cyber attack techniques such as phishing and baiting. However it is done, it will almost always be done with standard communication methods such as a phone call, email, or other similar methods.

Is Pretexting Illegal?

Generally speaking, pretexting is illegal in the United States (in most cases). It can vary depending on the specifics, but it is against the law to use false pretenses to extort or gather unauthorized access or information.

However, the legality of pretexting can vary, and it can often depend on what the specific circumstances are. In a very general sense, however, it is usually considered illegal to impersonate a person, company, or anything similar in order to deceive or commit fraud.

Pretexting Law

There are various specific laws pertaining to pretexting. Many of these fall in line with fraud laws and penalties, so pretexting crimes can in many circumstances lead to serious litigation.

In 1999, the Gramm-Leach-Bliley Act was established in response to pretexting crimes. This act specifically made acquiring information through pretext illegal, so it will often be cited in such cases.

It often gets a lot more complicated, as there are other laws pertaining to other branches of fraud that could come into play depending on the purposes and goals that pretexting is being used to achieve.

How to Prevent Pretexting

As we have covered in this overview, pretexting can take many forms and can be quite varied. This could make it seem like it’s almost impossible to protect yourself from it, but this doesn’t have to be the case. In fact, you can help to prevent it with some simple habits and practices.

These habits will be helpful not just in preventing pretexting but also preventing other forms of fraud as well. The keyword when it comes to preventing pretexting and other similar crimes would be ‘vigilance.’

If something ever feels off or weird, it’s worth taking a closer look. If someone is ever asking for information that is even remotely sensitive or valuable, it’s worth looking into. Don’t let someone aggressively pressure you into giving information if you didn’t initiate the interaction.

It’s always best to verify information or ask for some kind of credentials if you’re not sure. If they react negatively to your caution then that is in itself a warning sign.

It’s generally a good idea to not give out information over the phone if you yourself didn’t initiate the call. Most institutions won’t ask for passwords or codes, so if they do then you should be wary.

As long as you’re careful with who you give information, then you can make pretexting less likely to befall you.

You can also check out this overview we created on cybersecurity for more information on steps you can take to combat pretexting and other cyber attacks.

Final Thoughts

This overview has been a very brief look at pretexting where we cover the basics of what it can entail. There are many other facets of pretexting that we did not go over, but you will hopefully have a better idea of what it can involve going forward.

You have an idea of what it generally involves, so you can keep a better look out for it. Pretexting can lead to serious consequences and further instances of fraud, so it’s highly recommended to be on the lookout.

As long as you’re careful with who you give out information, then we’re sure you will be a lot less susceptible to any pretexting attacks.

Frequently Asked Questions

What is a Pretexting Attack?

A pretexting attack is when someone will use false pretenses to coax information or access from their victim.

What is Pretexting in Social Engineering?

Pretexting in social engineering could refer to something like a person impersonating an authority figure or a trusted source to coax information from their victim.

What is Pretexting in Hacking?

Pretexting can be used as a means to an end for hacking and fraud crimes such as phishing.

What Law Makes Pretexting Illegal?

The most pertinent law would have to be the Gramm-Leach-Bliley Act established in 1999. This relates specifically to pretexting, but there are other related laws, depending on the crimes being committed.