(also pretexting attack)
A social engineering attack in which the victim is tricked by a fake scenario (a pretext) into performing an action or revealing personal information. To get victims to lower their guard, attackers often impersonate people the victim naturally trusts, like coworkers or officials.
Real pretexting examples
2018: hackers impersonated Cabarrus County (US) suppliers and tricked officials into making payments to a fake bank account, stealing around 1.7 million dollars.
2020: a cybercriminal impersonated Barbara Corcoran’s assistant over email and tricked her into losing nearly 400,000 dollars.
Stopping a pretexting attack
- Always be on the lookout for suspicious activity
- Never reveal personal details without first verifying the organization
- Question the caller — if they try to pressure you, end the call
- Never call back on the same number; get one from a reputable source
- Check emails for odd signs, like wrong words or symbols in the email address