Pretexting is a social engineering tactic used to create deceptive scenarios to gain a potential victim’s trust and extract information from them. Attackers may pose as customer service representatives, law enforcement officials, or other trusted figures.
Example:
John, posing as an HR employee, fabricates a scenario where he needs urgent access to employee records for a project. He contacts the HR department admin Anna, and convinces her to disclose the information over the phone, claiming that he’s experiencing technical difficulties. John can exploit Anna’s trust using his fake narrative.
Prevention Tips:
- Be wary of unsolicited calls or messages requesting personal information or access to secure systems.
- Verify the caller’s identity through a trusted channel before providing any information.