Table of contents
- What is pretexting: meaning and characteristics
- How a pretexting attack works
- Pretexting and economic damage: millions of dollars stolen
- Differences between pretexting and phishing
- The most used channels for pretexting
- Romance scams: a case of emotional pretexting
- Why pretexting is so effective
- How to defend yourself from a pretexting attack
- Real examples and case studies
Pretexting is one of the most subtle tools used by cybercriminals to deceive potential victims.
Unlike attacks that rely on technical exploits, pretexting is based on social engineering, the art of psychologically manipulating people to gain access to sensitive information.
This article explores in depth what pretexting is, how it works, typical scenarios, and countermeasures to defend against it.
What is pretexting: meaning and characteristics
Pretexting is a social engineering technique in which an attacker creates a false scenario (pretext) to trick a person into divulging personal information, often sensitive data such as credit card numbers, bank accounts, or website login credentials.
In the context of cyber security, pretexting is classified as a particularly effective type of scam because it preys on trust, urgency, or authority.
Unlike a common phishing attack, pretexting is often personalized and can also include elements of spear phishing, that is, attacks aimed at specific individuals.
Practical example: An attacker could pretend to be a company technical support employee to convince a secretary to provide access to the company server. The pretext could be urgent maintenance or a risk of data breaches.
How a pretexting attack works
A pretexting attack develops in several phases:
1. Preliminary collection of information
The attacker begins by gathering information about the victim, often using social media, public forums, or even old data breaches. The goal is to build a detailed profile to make the pretext more credible.
2. Construction of the pretext
The attacker creates a fake identity: they may pretend to be a colleague, a technician, a bank representative or even a police officer. Every detail serves to legitimize the request.
3. Contact and manipulation
At this point, the attacker contacts the potential victim via email, phone, or even in person, and asks them to divulge information or perform specific actions, such as clicking a link or logging into an account.
4. Goal achieved
If the victim falls for the trap, the attacker can gain access to sensitive data, break into a computer system, empty bank accounts, or use the information for further phishing attacks or romance scams.
Pretexting and economic damage: millions of dollars stolen
One of the most concerning aspects of pretexting is its financial impact. According to reports from security firms such as Verizon and Proofpoint, pretexting represents a growing portion of Business Email Compromise (BEC) attacks, which cause millions of dollars in business losses each year.
In 2023, for example, a multinational corporation was the victim of an attack in which a cybercriminal posed as the CEO and ordered a wire transfer of $2.6 million. The email appeared authentic, thanks to careful study of the executive’s communication style.
Differences between pretexting and phishing
While phishing and pretexting are often confused, they have key differences:
- Phishing is often generic and aims for quantity: mass emails, malicious links, and compromised attachments.
- Pretexting is targeted and based on one-on-one interactions, often with in-depth study of the victim.
Both techniques can coexist. An attack can start with a phishing email and continue with a phone call constructed using the pretexting technique.

The most used channels for pretexting
Pretexting attacks are distinguished by their ability to adapt to different means of communication. The effectiveness of these attacks depends largely on the credibility of the contact, not on the medium itself.
However, some channels are more vulnerable because they allow a more convincing simulation of the identity. Below we analyze the main attack channels through which pretexting campaigns develop.
Email (business and personal)
Emails are one of the most used vectors for pretexting, especially in corporate environments. Through spoofing or BEC (Business Email Compromise) techniques, the attacker pretends to be a colleague, a manager or a supplier. Often, the message is carefully crafted: signature, tone, company logo and email structure can appear legitimate.
Typical example
Subject: URGENT – Supplier Payment Authorization
Message: “Hi, as you know I am traveling to a conference in Hong Kong. I need you to authorize a payment of 42,800 euros to the new supplier. This is essential to not interrupt production. Let me know as soon as it is done.”
These emails are designed to trick the victim into making payments or disclosing sensitive information, without verifying the source.
Effective defenses:
- Two-factor authentication for email logins
- Verbal confirmation policy for financial transactions
- Using DMARC, DKIM and SPF for spoofing protection
- Internal cyber security training
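As an added example (not code from the original article), the following Python checks whether a domain's SPF and DMARC records, named in the defenses above, are set to enforce rather than merely monitor; the records and domain names are constructed samples, and DKIM (which is per selector) is not checked.

```python
"""Check whether SPF and DMARC records actually enforce anti-spoofing.

Added example, not from the original article. The records below are
constructed samples; in production you would fetch the TXT records of
<domain> and _dmarc.<domain> via DNS.
"""

# Constructed samples: a weak configuration and its corrected form.
WEAK_SPF = "v=spf1 include:_spf.mail.example ?all"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRONG_SPF = "v=spf1 include:_spf.mail.example -all"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"


def parse_tags(record):
    """Split a DMARC 'tag=value; tag=value' record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_spf(record):
    """(enforcing, reason). Only a terminating '-all' or '~all' tells receivers
    that hosts not listed in the record may not send mail as the domain."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return False, "not an SPF record"
    last = terms[-1].lower()
    if last in ("-all", "~all"):
        return True, "unlisted senders fail (%s)" % last
    if last in ("+all", "all", "?all"):
        return False, "%s lets any host send mail as this domain" % last
    return False, "no terminating 'all'; unlisted senders get a neutral result"


def assess_dmarc(record):
    """(enforcing, reason). p=none only reports: receivers still deliver
    spoofed mail, so the domain gains no protection from it."""
    tags = parse_tags(record)
    if tags.get("v", "").upper() != "DMARC1":
        return False, "not a DMARC record"
    policy = tags.get("p", "none").lower()
    pct = int(tags.get("pct", "100"))
    if policy not in ("quarantine", "reject"):
        return False, "p=%s is monitor-only; spoofed mail is still delivered" % policy
    if pct < 100:
        return False, "p=%s applied to only %d%% of failing mail" % (policy, pct)
    return True, "p=%s enforced on all failing mail" % policy


def spoofing_protected(spf, dmarc):
    """True only when both records enforce (DMARC relies on SPF or DKIM alignment)."""
    return assess_spf(spf)[0] and assess_dmarc(dmarc)[0]
```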
Phone calls (vishing)
Telephone pretexting, also called vishing (voice phishing), is a direct and persuasive method. A criminal may pretend to be an IT technician, a bank representative, or even a criminal investigator.
Using an authoritative or friendly tone, he or she tricks the victim into divulging sensitive data or performing actions such as resetting passwords or providing OTP codes.
Frequent techniques:
- Using spoofed caller IDs
- Setting up fake call centers to increase credibility
- Creating a sense of urgency or impending danger
Example
“Hello, I’m calling from Bank X. We’ve detected a suspicious transaction on your account. To verify that it’s not a theft, we need your OTP code.”
Effective defenses:
- Never provide data over the phone upon request
- Call the official number of the institution
- Be wary of emergencies and check sources
SMS and instant messaging (smishing)
SMS and messaging apps like WhatsApp, Telegram or Messenger are also increasingly exploited channels.
This approach is known as smishing and can be used to convey malicious links to fake websites or to start a scam conversation.
Example
“Your package has been held up in customs. Follow this link to complete the process: tracked-package.xyz”
Or:
“Hi, this is Apple Support. We’ve detected unauthorized access to your account. Please respond immediately to avoid being locked out.”
These messages target haste and carelessness, using plausible content and graphic layouts similar to the originals.
Effective defenses:
- Do not click on links received via SMS
- Check suspicious URLs independently
- Use apps that filter spam and smishing
Social media
Social media has become a powerful tool for pretexting. Attackers can create fake profiles or leverage publicly available information to create credible pretexts.
LinkedIn is often a favorite target for businesses, while Facebook and Instagram are used for personal scams or romance scams.
Typical techniques:
- Sending private messages pretending to be an employer, client, or former classmate
- Using stolen photos and names to impersonate real people
- Invitations to click links or share private information
Example
“Hi Donato, we have a perfect open position for you at company X. Send us your updated CV and a copy of your ID for identity verification.”
Effective defenses:
- Strict privacy settings on profiles
- Avoid posting personal details (email, phone number, upcoming travel)
- Cross-verification of identities (e.g. contacting the company officially)
Physical meetings or direct access (tailgating)
Although less common, there are pretexting attacks that occur in person. In corporate settings, the attacker may pose as a third-party technician, inspector, vendor, or interview candidate, with the goal of gaining physical access to the premises or systems.
Example
A man in uniform with a forged badge walks into the office and says, “I’m the technician in charge of updating the badge software. I need access to the server room for 10 minutes.”
Effective defenses:
- Mandatory identification badges
- Welcome protocol for visitors
- Video surveillance and trained security personnel
- No access to systems without explicit authorization
Fake websites and login forms (pharming)
Some pretexting attacks use fake websites that perfectly imitate real ones from banks, companies or cloud services like Office 365. These sites are reached through links sent via email, SMS or social media. The user, convinced of the legitimacy of the site, enters their credentials.
Advanced technique:
The domain can be almost identical to the original one (e.g. gòogle.com instead of google.com), and the fake site can present a valid SSL/TLS certificate so that the browser padlock makes it look trustworthy.
Effective defenses:
- Verify URL on each login
- Use password managers (they auto-fill credentials only on the exact domain they were saved for, so a look-alike site is left empty)
- Enable two-factor authentication
- Email security gateway tools to block phishing emails
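The following Python is an added example, not code from the original article: it flags URLs whose hostname imitates a trusted domain, covering the accented gòogle.com case above and, going a little beyond it, punycode, digit and Cyrillic look-alikes and a trusted name used as a subdomain of another owner. TRUSTED and the confusables table are constructed assumptions.

```python
"""Flag URLs whose hostname imitates a trusted domain (e.g. gòogle.com).

Added example, not from the original article. TRUSTED is a constructed
allow-list and CONFUSABLES is a small hand-made subset, not the full Unicode
UTS #39 data. The verdict is meant to be shown before credentials are typed;
it complements a password manager and 2FA, it does not replace them.
"""
import unicodedata
from urllib.parse import urlsplit

TRUSTED = {"google.com", "office365.com"}  # constructed allow-list

# Accents are removed via NFKD below; this maps look-alikes with no
# decomposition (digits, Cyrillic letters) onto the Latin letter they mimic.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s",
                             "а": "a", "е": "e", "о": "o", "р": "p", "с": "c"})


def hostname_of(url):
    """Lowercase hostname with punycode (xn--) labels decoded to Unicode."""
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    try:
        return host.encode("ascii").decode("idna").lower()
    except UnicodeError:  # already Unicode, or malformed punycode
        return host.lower()


def skeleton(host):
    """'gòogle.com' -> 'google.com', 'g00gle.com' -> 'google.com'."""
    decomposed = unicodedata.normalize("NFKD", host)
    plain = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return plain.translate(CONFUSABLES)


TRUSTED_SKELETONS = {skeleton(t): t for t in TRUSTED}


def registrable(host):
    """Naive owner part: last two labels ('login.google.com' -> 'google.com')."""
    return ".".join(host.split(".")[-2:])


def classify(url):
    """Return (verdict, reason) with verdict 'trusted', 'lookalike' or 'unknown'."""
    host = hostname_of(url)
    owner = registrable(host)
    if owner in TRUSTED:
        return "trusted", "registered domain is on the allow-list"
    if skeleton(owner) in TRUSTED_SKELETONS:
        kind = "non-ASCII" if any(ord(c) > 127 for c in owner) else "confusable ASCII"
        return "lookalike", "%s characters imitate %s" % (kind, TRUSTED_SKELETONS[skeleton(owner)])
    for good in TRUSTED:
        if "." + good + "." in "." + host:
            return "lookalike", "%s used as a subdomain of %s" % (good, owner)
    return "unknown", "%s is not on the allow-list" % owner
```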
Romance scams: a case of emotional pretexting
Another common example is romance scams, where the scammer pretends to be a soldier, doctor, or businessman stranded abroad. After establishing a romantic relationship online, they ask the victim to send money or share personal information.
These attacks are extremely dangerous because they exploit loneliness and emotional vulnerability. According to the FBI, pretexting romance scams are among the most profitable for cybercriminals.
Why pretexting is so effective
The success of pretexting lies in several factors:
- Absence of technical barriers: the attack takes place at the human level.
- Flexibility: it can be adapted to business, personal, healthcare and banking contexts.
- Ease of implementation: all that is needed is a convincing script and a minimum of initial data.
- Difficult to detect: often the victim does not immediately realize that they have been scammed.
This is precisely why pretexting can be devastating, especially when used in combination with other techniques such as phishing, malware, or spear phishing.
How to defend yourself from a pretexting attack
Cyber security against pretexting cannot be based only on antivirus or firewall. It needs a human-centric approach. Here are some effective measures:
- Training and security awareness: teach employees to recognize a type of scam based on psychological deception.
- Identity verification: never trust urgent or unusual requests, even if they appear to come from colleagues or superiors.
- Internal validation procedures: each request for access or transfer of funds should be subjected to a second level of control.
- Limiting social media exposure: much of the information used for pretexts comes from LinkedIn or Facebook profiles.
- Using anti-fraud software: some tools analyze behavioral patterns and can block anomalous access.
Real examples and case studies
Among the most striking cases:
- Snapchat case (2016): an employee was tricked into sharing tax information for the entire staff with an attacker pretending to be the CEO.
- Ubiquiti Networks case (2015): the company was defrauded of $46 million through spear phishing emails and pretexting phone calls.
These examples demonstrate how even technologically advanced companies can be vulnerable if they neglect staff training.
To conclude
Pretexting is one of the most insidious and growing forms of social engineering in the cyber security landscape. It is not just a technical threat, but a human and cultural challenge. Potential victims are not only IT managers, but any person who accesses data, systems or funds.
Investing in awareness, training, and verification procedures is more important than ever to prevent a false identity from opening the door to millions of dollars in damages, data breaches, and deep compromises.
Questions and answers
- What is pretexting in computing? Pretexting is a social engineering technique in which an attacker pretends to be someone else in order to obtain sensitive information.
- What is the difference between pretexting and phishing? Phishing is generic and mass, while pretexting is targeted and based on individual interactions.
- Can pretexting also affect private individuals? Yes, with scams such as romance scams or scams involving fake bank employees.
- How to recognize a pretexting attack? Suspicious requests, unjustified urgency, excessive familiarity or fictitious authority are typical signs.
- Can pretexting happen via social media? Yes, attackers often use social media to collect data or contact victims directly.
- What damage can pretexting cause? Data theft, account access, and financial losses of up to millions of dollars.
- How to defend yourself from pretexting in your company? Training, multiple checks, and internal policies for validating requests.
- Can software stop pretexting? Not entirely: technology and security culture need to be integrated.
- Is it legal to pretend to be someone else online? No, it is a crime in many countries, especially if used to scam or deceive.
- Which industries are most affected by pretexting? Finance, healthcare, tech, and government are among the most targeted.