What is pretexting in social engineering?
D2 ยท Threats ยท CompTIA Security+ SY0-701Pretexting is a social engineering technique where an attacker creates a fabricated scenario (pretext) to manipulate a target into revealing information, granting access, or taking an action they otherwise wouldn't.
Examples:
๐ Attacker poses as IT support: "I need your credentials to fix your account"
๐ฆ Attacker poses as bank auditor: "I need to verify your account information"
๐ Attacker poses as new employee: "HR told me to collect your badge for a photo update"
Pretexting builds plausible stories that exploit authority, urgency, or trust.
Examples:
๐ Attacker poses as IT support: "I need your credentials to fix your account"
๐ฆ Attacker poses as bank auditor: "I need to verify your account information"
๐ Attacker poses as new employee: "HR told me to collect your badge for a photo update"
Pretexting builds plausible stories that exploit authority, urgency, or trust.
Pretexting is the foundation of most social engineering attacks. It creates the context that makes other techniques (phishing, vishing, impersonation) believable. Defense: verification procedures, employee training, and a culture of security awareness. Never provide access or information without verifying identity through established channels.