Social Engineering · Medium severity

Pretexting

Pretexting manipulates trust instead of exploiting software flaws. Mature organizations enforce verification rituals that attackers cannot bypass with urgency.

How Attackers Use It

Attack Summary

The attacker fabricates a believable scenario (IT support, auditor, new employee) to extract information or gain physical access without arousing suspicion.

  • The attacker gathers public company details to make the impersonation realistic.
  • A fabricated urgent scenario is used to pressure policy exceptions.
  • Victim shares credentials, internal data, or grants physical access.
  • Compromised trust is used to stage broader phishing or fraud.

Defensive Strategy

Defense Summary

Require identity verification before sharing information, use callback verification for sensitive requests, and train employees on multi-step verification.

  • Apply callback verification for any sensitive request.
  • Use role-based scripts for helpdesk and front-desk escalation.
  • Educate teams to treat urgency as a risk signal, not authority.
  • Log and review social engineering attempts for awareness updates.

Detection Signals

  • Urgent requests bypassing established verification workflows.
  • Callers refusing callback or identity challenge procedures.
  • Repeated information requests from unknown identities.
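
The three signals above can be checked mechanically against helpdesk call records. The following is an added example, not part of the original page: the record fields, the threshold of three requests and the 24-hour window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample helpdesk records; field names are assumptions for this example.
CALLS = [
    {"ts": "2024-05-06T09:02", "source": "+1-555-0100", "urgent": True,
     "verified": False, "callback": "refused", "fulfilled": True},
    {"ts": "2024-05-06T09:40", "source": "+1-555-0177", "urgent": False,
     "verified": True, "callback": "completed", "fulfilled": True},
    {"ts": "2024-05-06T11:15", "source": "+1-555-0100", "urgent": False,
     "verified": False, "callback": "not_offered", "fulfilled": False},
    {"ts": "2024-05-06T15:30", "source": "+1-555-0100", "urgent": True,
     "verified": False, "callback": "refused", "fulfilled": False},
]

REPEAT_THRESHOLD = 3                 # assumed: unverified requests per source
REPEAT_WINDOW = timedelta(hours=24)  # assumed look-back window


def flag_calls(calls):
    """Map record index -> set of detection signals that the record matches."""
    flags = defaultdict(set)
    unverified = defaultdict(list)  # source -> timestamps of unverified requests
    for i, call in sorted(enumerate(calls), key=lambda p: p[1]["ts"]):
        ts = datetime.fromisoformat(call["ts"])
        # Signal 1: urgent request fulfilled without completing verification.
        if call["urgent"] and call["fulfilled"] and not call["verified"]:
            flags[i].add("urgent_bypass")
        # Signal 2: caller refused the callback or identity challenge.
        if call["callback"] == "refused":
            flags[i].add("callback_refused")
        # Signal 3: repeated requests from a source that never verified.
        if not call["verified"]:
            seen = [t for t in unverified[call["source"]] if ts - t <= REPEAT_WINDOW]
            seen.append(ts)
            unverified[call["source"]] = seen
            if len(seen) >= REPEAT_THRESHOLD:
                flags[i].add("repeated_unknown")
    return dict(flags)


if __name__ == "__main__":
    for idx, signals in sorted(flag_calls(CALLS).items()):
        print(CALLS[idx]["ts"], CALLS[idx]["source"], sorted(signals))
```

Flagged records feed the log-and-review step listed under Defensive Strategy; the verified call from the second source is not flagged.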

Keywords

Pretexting, Pretexting Detection, Pretexting Prevention, Medium Severity, Social Engineering Security, Attack and Defense, Threat Detection, Security Hardening
