// THREAT DETECTION AND DATA PRIVACY TERM
Pretexting
Pretexting is a type of social engineering where an attacker creates a fabricated scenario, or a 'pretext,' to trick an individual into divulging confidential information or performing an action they wouldn't normally do. This often involves impersonating someone trustworthy, like a colleague or IT support.
TECHNICAL DEFINITION
Pretexting is a sophisticated social engineering attack vector characterized by the creation of an elaborate, believable fictitious scenario (pretext) by an attacker, often impersonating a legitimate entity, to manipulate a target into disclosing sensitive data or granting unauthorized system access. It serves as an initial access technique to facilitate subsequent cyberattacks or identity fraud.
BACKGROUND
In the context of information security, social engineering is the use of psychological pressure to influence people to perform actions or divulge confidential information. It has also been more broadly defined as "any act that influences a person to take an action that may or may not be in their best interests." A type of confidence trick for the purpose of information gathering, fraud, or system access, it differs from a traditional "con" in the sense that it is often one of many steps in a more complex fraud scheme. Phishing is a type of social engineering. Researchers have developed detection techniques and cybersecurity educational programs.
SYNONYMS & ALIASES
- Social engineering
- Impersonation
- Deception
- Psychological manipulation
- Con artistry
- Vishing variant
USAGE NOTE
Pretexting is a common tactic in advanced persistent threats (APTs) and targeted attacks to gain initial footholds or gather intelligence before launching more technical assaults.
DEVELOPERS
Organizations developing technology related to Pretexting.
Provides security awareness training and simulated social engineering attacks, including pretexting, to educate users and test an organization's susceptibility.
Offers a comprehensive suite of security solutions including email protection, threat intelligence, and security awareness training, all of which help defend against pretexting and other social engineering tactics.
Specializes in phishing detection and response, and also offers security awareness training, directly addressing human-centric attacks like pretexting.
Provides email security, continuity, and archiving services, along with security awareness training designed to protect organizations from social engineering techniques such as pretexting.
A leading provider of cybersecurity training and certifications. Their courses often delve into social engineering techniques, including pretexting, and how to defend against them.
Offers a wide range of cybersecurity solutions including endpoint protection and security awareness training which includes modules on identifying and resisting social engineering attacks like pretexting.
Through its Terranova Security acquisition, Fortra provides security awareness training and phishing simulations to combat social engineering and pretexting attempts.