Pretexting
Pretexting involves an attacker creating a fabricated scenario (pretext) to gain a victim's trust and extract information. The attacker typically impersonates someone in authority — an IT administrator, auditor, co-worker, or law enforcement officer — and builds a believable backstory to justify their requests.
How to identify
- Someone you don't know asks for sensitive information with an elaborate backstory
- The person claims authority but can't provide proper verification
- Unusual requests for access, credentials, or personal data
- The story seems designed to bypass normal security procedures
- Pressure to help quickly due to an alleged emergency
- Requests that skip normal verification channels
How to prevent
- Always verify the identity of people requesting sensitive information
- Follow established verification procedures — no exceptions
- Be cautious of unsolicited calls or visits from "authority figures"
- Implement strict access control policies
- Train staff to recognize pretexting scenarios
- Require multi-person authorization for sensitive actions
- Document and report unusual information requests