Pretexting

Pretexting is a type of social engineering attack that involves a situation, or pretext, created by an attacker in order to lure a victim into a vulnerable situation and to trick them into giving private information, specifically information that the victim would typically not give outside the context of the pretext. In its history, pretexting has been described as the first stage of social engineering, and has been used by the FBI to aid in investigations. A specific example of pretexting is reverse social engineering, in which the attacker tricks the victim into contacting the attacker first. A reason for pretexting's prevalence among social engineering attacks is its reliance on manipulating the human mind in order to gain access to the information the attacker wants, versus having to hack a technological system. When looking for victims, attackers can watch out for a variety of characteristics, such as ability to trust, low perception of threat, response to authority, and susceptibility to react with fear or excitement in different situations. Throughout history, pretexting attacks have increased in complexity, having evolved from manipulating operators over the phone in the 1900s to the Hewlett Packard scandal in the 2000s, which involved the use of social security numbers, phones, and banks. Current education frameworks on social engineering are used in organizations, although researchers in academia have suggested possible improvements to those frameworks. Social engineering is a psychological manipulation tactic that leads to the unwilling or unknowing response of the target/victim. It is one of the top information security threats in the modern world, affecting organizations, business management, and industries. Social engineering attacks are considered difficult to prevent due to its root in psychological manipulation. These attacks can also reach a broader scale. In other security attacks, a company that holds customer data might be breached.