Cyber Security

Pretexting: How Criminals Sneakily Steal Your Information

Avatar Andrea Abbondanza , 28 May, 2024

Manipulative scammers are getting more creative. One way they hunt their prey is by pretexting. This social engineering tactic lures the victims into believing them and “voluntarily” sharing private information with the malicious actors.

It’s important to stay alert for this attack. Learn about pretexting techniques, how they work, and the prevention measures!

What is Pretexting?

Warning Sign for Phishing Attack
Warning Sign for Phishing Attack

Pretexting is a common social engineering attack in which attackers craft a believable, fictitious situation to trick the victims into disclosing personal information. They may appear to be trustworthy sources with legitimate credibility that make you feel more okay disclosing sensitive information.

They may disguise themselves as various personas: a bank employee, a government official, or even close relatives. Sometimes, they even act as a flirty dating app match that you can click with from the first swipe.

The idea is to deceive you into disclosing information that may be used for fraudulent purposes, such as unauthorized account access or identity theft.

Pretexting Attack Techniques

Phishing alert
Phishing alert

As this attack mainly relies on made-up scenarios, there are various techniques implemented, including:


A threat actor requests access from authorized individuals by creating a plausible scenario. For example, a malicious actor attempting to enter a building claims they’ve forgotten their ‘ID pass’ and then seeks assistance from other employees entering the same building. This technique is quite hit-or-miss, as the employee may be vigilant enough not to be a piggybacking victim.


In phishing attacks, a threat actor is disguised as someone familiar or trustworthy and employs their attack via various communication channels. This can be in the form of malicious attachments, fraudulent data entry forms, and malicious web links sent via email, texts, or phone calls.


Attackers scare potential victims with deceptive warnings. For example, a fake malware alert appears on someone’s device, urging them to install a specific application for protection. Ironically, that very application is the actual malware.


Living up to its name, a malicious impersonator will impersonate a familiar character with whom the victim is willing to cooperate, such as a colleague, customer, or authoritative figure. This, again, exploits trust during the attack.


While piggybacking involves an unauthorized actor asking for “help” from an authorized actor, tailgating actors shadow the authorized person closely, slipping into the building before the entrance gate fully closes. No direct requests are involved in this type of social engineering—just stealthy entry! 


Using bait like a familiar company logo, a threat actor tricks victims into giving away private information or unknowingly spreading malware. For example, they might hand out a USB drive secretly loaded with harmful software.


Vishing, or voice phishing, is another form of phishing using voice calls or robocalls. They may request personal details under false pretenses or issue threats and promises, aiming to deceive you into disclosing sensitive information.

How Does Pretexting Work?

Social engineering attacker do their action
What is Social Engineering?

A simple explanation of how pretexting works would be:

  1. A threat actor crafts a scenario including specific characters and details about the victim.
  2. The actor uses the scenario to manipulate the victim’s trust and emotions.
  3. The victim falls into the trap and shares their private information without their consent.

With the rising generative AI models, pretexting has become more empowered. Research has found that actors have been using deep fakes or other kinds of AI to mimic trusted organizations and important figures.

Real-Life Pretexting Examples

Two hands touching keyboard with a warning sign
How to Identify a DDoS attack

Over the years, a myriad of pretexting cases have been happening worldwide. Below are some of the examples:

The “AIDS” Trojan (1989)

The AIDS Trojan, also known as Aids Info Disk or PC Cyborg Trojan, emerged in 1989. This attack wreaked havoc on DOS systems. The Trojan-encrypted directory names on drive C render the system unusable. After 90 system boots, AIDS demanded users “renew the license” by paying US$189 to the PC Cyborg Corporation (via a Panama post office box).

It was an early example of ransomware, holding files hostage until payment. Despite legal troubles, the creator defended the funds as AIDS research. The Trojan’s weaknesses led to further cryptographic breakthroughs.

Quanta Computer Fraud (2013-2015)

In 2013-2015, Evaldas Rimasauskas pulled off a $100 million phishing scam targeting tech giants like Google and Facebook. His trick? He set up a fake business that looked like Taiwan-based Quanta Computer—a real partner of both companies.

By sending convincing emails, Rimasauskas fooled employees into transferring money to fake accounts. Despite the huge losses, both firms managed to recover most of the stolen funds.

Job Seeker Phishing and Extortion (2023)

In 2023, layoffs hit the tech industry, leading scammers to exploit this opportunity to trick job seekers into filling out fake job vacancy forms. The result? Many job seekers “voluntarily” share their personal documents.

How to Prevent Pretexting

Data loss prevention
Data loss prevention

Don’t fall into those scammers’ trap; learn to prevent pretexting by doing these steps:

AI-Based Email Analysis

AI-based email analysis uses artificial intelligence to examine and interpret email content, helping to detect pretexting indications. On top of that, it helps filter spam emails and examines the language style commonly used in pretexting. 


DMARC is a common email authentication protocol that helps domain owners protect their domain from unauthorized use, often known as email spoofing.

This technology helps prevent business email compromise attacks, phishing emails, and other cyber threats by instructing email servers on how to handle sketchy emails that don’t pass these authentication checks.

User Education

Educate users on how to identify pretexting by sharing real-life examples of spoof emails. When users are educated, it will be easier for them to notice the pattern of the pretexting scheme.

Frequently Asked Questions

What is the difference between phishing and pretexting?

While pretexting sets up a scenario for a future attack, often involving direct interaction and a fabricated story to gain trust, phishing is often the attack itself, using deceptive emails or messages to trick people into revealing sensitive information.

What is the impact of pretexting?

Some of the impacts of pretexting are financial loss, financial penalties, loss of trust, and damaged reputation.

Is pretexting the same as phishing?

Phishing is a subattack under pretexting.


Pretexting is a form of social engineering based on made-up scenarios to lure victims to share their private information. Attackers employ various techniques to do pretexting. Fortunately, there are various prevention efforts to prevent us from falling into these attackers’ traps and letting them gain access to our information.

If you’re interested in learning more about cybersecurity to safeguard your business from pretexting, contact Fluxgate now!