Pretexting Definition

KZero Staff
Oct 17, 2023

Pretexting is a type of attack that uses social engineering to obtain specific pieces of information, such as passwords or personal information, in order to conduct a cyberattack.

Pretexting usually involves a pretext that convinces the victim the attacker is trustworthy. The attacker pretends to be a qualified counterparty such as an executive of a company, a qualified investor, or an IT professional.

The most common pretexting techniques include:

  • Phishing: these attacks usually involve emails or text messages and use pretexting to deceive the victim. Phishing attacks often involve malware that is sent as an attachment or as a link to be clicked on.
  • Baiting: this pretexting technique usually involves an attractive promise, such as the opportunity to obtain significant financial gains or to get some free goods. Baiting can occur either digitally on the internet or in the physical world. A good example of baiting in the physical world would be a USB flash drive left on the floor with a catchy note or a trusted logo, aimed at deceiving the victim so that malware can be installed on a company’s computer.
  • Scareware: this pretexting technique uses the victim's fear to drive behaviour. For example, the victim can be told that the computer has a virus and that passwords need to be communicated to obtain access to it.
  • Vishing: this specific technique leverages phone calls to get the victim to give away personal information and to gain access to restricted services. Vishing attempts usually target the elderly and involve attackers pretending to be government officials or bank representatives.
  • Smishing: this is similar to vishing, except it involves SMS messages rather than phone calls.