Security Awareness – Pretexting
Thursday, August 21st, 2008Pretexting is another form of attack found to be on the raise that is typically done over the phone. Usually used by social engineers for identity theft, pretexting is the act of creating and using an invented scenario to persuade the victim into releasing confidential or personal information.
Example of Pretext attack
A pretexter may call and claims that he is from a survey firm and asks you a series of questions about your credit card usage as part of the survey. Questions may include your Full Name, number of credit cards you have and from which bank, your age, your monthly income, etc).
When the pretexter has the information he wants, he uses it to call your financial institution. He pretends to be you and might claim that he has forgotten to bring the security token to login to the web banking account and needs information on the account immediately.
