Pretexting: what is this cyber attack?

Social engineering is widely used by hackers to steal information and infect computers. We can suffer many kinds of attacks on the network, so it is always advisable to keep in mind the importance of protecting systems and not making mistakes. In this article we are going to talk about what Pretexting is, one of the techniques that cybercriminals use to steal confidential data and put privacy at risk.

What is Pretexting, a cyber attack

We can say that Pretexting is a form of social engineering that hackers use to steal personal information. The attacker wants the victim to hand over confidential and valuable information, or wants to gain access to a certain service or system.

The attacker uses a pretext, a story, to deceive the user. They get in touch with the intended victim and pose as someone with authority in order to collect sensitive and important information and data. The goal, at least according to what they say, is to help and to prevent a problem.

Hackers can use Pretexting to attack private users as well as companies. It is common for them to request information that gives access to bank accounts and private data. For example, they could pose as a bank asking the customer for information in order to verify their identity or resolve an incident.

The person who receives the call or email may believe that it really is something serious, something that deserves their attention. They believe the pretext and hand over the sensitive data that the attacker requests, for example tax information, account data, address… All of this could be used against them, to access their accounts or to carry out any other attack.

What does the attacker need to carry out this threat called Pretexting? Basically, the key is to have the victim's phone number or email, as well as information related to a service that the victim uses.

Take as an example a call to a customer of a bank. The attacker phones the victim and addresses them by name, saying that they suspect there has been a fraudulent payment, an attempted theft or some improper access to the account. They ask the victim to provide certain information so that the caller, supposedly a person with authority, can confirm that everything is correct.

What the victim encounters is a person who appears to be a customer service representative for that bank, for example, but who is actually playing a role. The caller is doing nothing more than impersonating someone else, making use of a pretext or story.

Staggered process in a Pretexting attack

Keep in mind that a Pretexting attack is not usually direct from the start. In other words, the caller would not ask the victim for the data straight away. That is not usual. What the caller does is gradually gain trust. They start with questions to confirm the victim's name, describe the suspected problem, and so on. After that, they ask for information and data until they reach the most sensitive points, which could be the access code, for example.

This is how the attacker can gain the trust of the unsuspecting victim and gather all the sensitive information they need. They could even instruct the user to download a program to solve a problem or to access some kind of online service.

How the attacker gets the initial data

Now that we have understood what a Pretexting attack consists of, we can ask ourselves how the attacker obtains the basic data that they are going to need. For example, they would need to know our phone number, email and name.

This part is straightforward, and the data can be obtained in a number of ways. Starting with the most basic, over the Internet, they could find out our email or even our phone number if we have made a mistake on social networks or made that information public on an online platform.

They could even steal letters from a mailbox that show personal data such as our name, a service that we have contracted and similar details. This is also how they know whether we are subscribers of something in particular that they can use as a pretext for that call.

In short, Pretexting is a major threat on the Internet. Similar to Phishing, it also aims to access our accounts and collect all kinds of information. It is essential that we always maintain common sense and do not make mistakes.

How to avoid falling victim to a Pretexting attack

It is very important to maintain common sense at all times. We must avoid falling into traps of this type, for example by not giving out personal information online without knowing who is behind a website. There are many factors that can help protect our equipment and avoid security problems, as we will see.

Common sense

Common sense is fundamental to avoiding cyber attacks. This is especially important for attacks like Pretexting. Here it is more important than ever not to make mistakes that could harm our privacy. As we have mentioned, we must not make public any information that could be used against us, or click on links that could be dangerous.

Security programs

It is always important to have security tools. A good antivirus can rid us of very important threats in the form of malware. It can help us scan our equipment, detect dangers and eliminate them. There are many options at our disposal: many types of antivirus, firewalls and other components that we can install on our computers.

Have updated equipment

On many occasions, vulnerabilities arise that can be exploited by hackers: security flaws that could affect us. We can correct them thanks to patches and security updates. For this reason, it is very important to always keep our equipment correctly updated and thus avoid problems. Again, this is something that we can apply to any operating system or device that we use.