I really appreciate Kevin's fast action and solution to fix our problem.
Are you sure you can tell when someone is trying to scam you online?
As humans, our cognitive bias leads us to make irrational decisions, and we are easily inclined to trust. Social engineering encompasses a broad list of malicious activities such as phishing, baiting, quid pro quo, tailgating, and pretexting. However, this article will specifically focus on pretexting.
In the IT security industry, social engineering refers to psychological manipulation or the fooling of unsuspecting persons into divulging sensitive and confidential information. Social engineering relies on human instinct, and it is a more straightforward and less costly method to gain access to data compared to hacking into systems.
Pretexting is an example of social engineering where the attacker invents a scenario or a story (pretext) to charm the potential victim in a way that raises the possibility of the said victim disclosing sensitive and valuable information about themselves. This revealed information (in the form of bank details, social security number, the last bill paid, etc.) will enable the perpetrator to gain access to systems and services that the victim is subscribed to.
How Does Pretexting Work?
Before the confrontation, the attacker will have carried out extensive research on their potential victim. They will often use the Internet and leaked personal data from previous data breaches to establish their authenticity.
This data will also help them create a credible tale that leaves little room for doubt to help establish trust and build rapport with the potential victim. The attacker will provide the target with aspects of their personal information such as their job title, home address, job location, phone number, work history, and credit card information.
The attacker typically creates a sense of criticality by pretending to need the victim’s confidential information to perform a crucial task. Since they already have some of the target’s personal information, they will claim to need more personal information on the victim to confirm their identity.
To be successful, the attacker must invent a believable scenario or story to convince the target. This scenario is also known as a pretext.
They include:
In the process of engaging the target, the attacker gets personal information that they would use to commit secondary attacks or identity theft.
Traditionally, employees for companies such as credit card companies, insurance companies, security firms, financial organizations, and banks were the main targets of pretexting. However, the focus has been shifted to individuals.
How Can You Take Personal Responsibility?
What Steps Can You Take To Protect Your Organization?
Click here to get started and let our years of expertise, professionalism, and experience in cyber-security design solutions that will guarantee your data security.