Security Awareness - Pretexting

Pretexting is another form of attack found to be on the raise that is typically done over the phone. Usually used by social engineers for identity theft, pretexting is the act of creating and using an invented scenario to persuade the victim into releasing confidential or personal information.

Example of Pretext attack

A pretexter may call and claims that he is from a survey firm and asks you a series of questions about your credit card usage as part of the survey. Questions may include your Full Name, number of credit cards you have and from which bank, your age, your monthly income, etc).

When the pretexter has the information he wants, he uses it to call your financial institution. He pretends to be you and might claim that he has forgotten to bring the security token to login to the web banking account and needs information on the account immediately.

Part of the verification from the bank might be to verify your full name, credit limit, number of cards you have with the bank and if there are any supplementary cards, etc.

If successful, the pretexter may be able to obtain personal information about you such as your bank and credit card account numbers, information in your credit report, and the existence and size of your savings and investment portfolios

How to protect yourself

1) Don’t give out confidential or personal information on the phone, through the mail or over the Internet unless you’ve initiated the contact or know who you’re dealing with.

2) Do not publish your personally identifiable information online or leave them lying around where others have easy access to them.

3) Alert family members to the dangers of pretexting. Explain that only you, or someone you authorize, should provide confidential or personal information to others.

Remember Security Is Everyone’s Responsibility!

If you're new here, you may want to subscribe to my RSS feed or get my latest post directly in your mailbox. Thanks for visiting !