What Is Pretexting? Definition and Examples

Pretexting is a fictional story threat actors use to trick you into giving them access to sensitive information.

It is a popular scam that can happen online or in person, and it uses common phishing techniques to help threat actors achieve success in their pretexting scam.

In this article, we cover: what is pretexting, how it works, examples of pretexting, and how to prevent it by subscribing to Internxt Drive and by increasing your cyberawareness online.

Ready to learn more? Then keep reading!

Table of contents

1. What is pretexting
2. How does pretexting work?
3. Pretexting techniques
4. Examples of pretexting
5. Laws against pretexting privacy
6. How Internxt can help prevent pretexting scams

What is pretexting?

Pretexting is a social engineering attack that uses a made-up story to gain a person’s trust and trick them into sharing personal information, downloading malware, sending money, or stealing passwords to access corporate accounts.

A pretexting story can vary depending on the target's identity, the information the cyberattacker wants, and the industry the target works for.

How does pretexting work?

Pretexting attacks start with a fake story or persona; common examples are bank employees to try and steal money, or a tech support employee tricking the victim into downloading ransomware on the device.

This fake story can be created using these kind of techniques:

1. Spear phishing: an attack that targets a specific person.
2. Whale phishing: targets corporate workers via email, text, or phone calls.
3. Business Email Compromise (BEC): are spear phishing emails meant to steal sensitive information.

Pretexting is also based on two crucial aspects: the character and situation.

1. The character is who the scammer plays in their story. The purpose of the character is to gain the trust of the target by impersonating someone with more authority, such as their boss, or any role the target is likely to trust straight away. The character can be anyone they believe may trick their victim, e.g. Tech support, IT staff, or even a friend or loved one.
2. The situation is the plot of the character’s story, and is the reason why the character is contacting their target. The story could be generic, such as: “You need to update your payment information”, or more specific, such as: “Tom, There’s an issue with the latest invoice your company submitted, and we need you to confirm your banking details to process the payment”.

Now we know the foundations when answering the question: What is pretexting? You may be asking yourself, but how do these scammers know enough information to craft a convincing story?

It’s actually easier than you think.

If you’re active on social media, such as Facebook, Twitter, LinkedIn, Instagram, etc., scammers can use your photos, posts, and information from your profile to craft a convincing narrative to try and trick you.

Reports suggest that this takes an average of 100 minutes. However, it can be even quicker, as once a scammer has enough information from their research, they can use AI to create a convincing pretexting story to increase their chance of success.

Finally, pretexting uses spoofing techniques, (copying email addresses or phone numbers), to make the pretexting email or message more believable. A skilled hacker could also hijack an employees email to send this email.

AI scams are also a huge threat in terms of pretexting, as their has been a significant increase in cybercriminals using AI to clone people’s voices, which you can learn more about in our AI scams article.

Pretexting techniques

When covering what is pretexting, it's important to know that these kind of online scams come in many forms, and will evolve over time. That being said, here are some common pretexting techniques.

Phishing

As we mentioned before, pretexting stories rely on spear or whale phishing when targeting their victims and attempting to access confidential information such as personal or corporate data, financial records, or passwords.

But pretexting is not limited to these kinds of techniques. It can also send one generic message via text or email to hundreds of thousands of bank customers, posing as an employee.

The message could be something like, “Your account has run out of funds.” Even if this “spray-and-pray” method is successful on a small percentage of people, it can have huge gains for the scammer.

Baiting

Baiting attacks aim to trick the target with an attractive offer or warning. A phishing email could send you a link directing you to an offer to entice you to click and learn more. The bait could be some kind of special offer, such as free media downloads, when actually it’s installed with ransomware or other malware.

It’s not just limited to online baiting, either; it could also be a USB left in an office area installed with malware. A scammer could leave this around hoping it piques someone’s curiosity to see what’s on it. Once used, it will install malware in the device or steal confidential information.

Tailgaiting

Tailgaiting is an in-person scam similar to shoulder surfing. This scam happens when unauthorized personnel follow a worker into an area that requires clearance, such as an office or other restricted areas. They could also pose as a delivery worker and ask an employee to give them access to restricted areas.

Examples of pretexting

According to the Federal Trade Commission (FTC), people posing as other individuals, such as pretexting, are the most common kind of fraud, causing losses of USD 2.7 billion.

These are the most common kinds of pretexting scams

1. Account update scams: an email or message containing a malicious link telling the target there is a problem with their account.
2. Business email compromise scams: A character poses as an executive to influence the target.
3. Grandparent scams: These are pretexting scams in which the scammer poses as the target’s grandmother and says the victim is in danger or hurt and needs money to help.
4. Invoice scams: A fake invoice is sent for a product that contains a malicious link asking for information such as email, phone number, or social security numbers.
5. Job offer scams: A fake job offer is posted online. If someone applies, they give the threat actor personal information, which can be used against them.
6. Romance scams: A fake profile is made, and the scammer attempts to win the victim’s heart. If successful, they will ask for money to come visit them or help them out of some financial problems.
7. Scareware scams: this scares the victim with some kind of problem, either a virus or account problem, and they either contain a malicious link or a download containing malware.

In 2023, the developer platform, Retool, was targeted in a pretexting scam when threat actors sent SMS messages to its employees claiming there were issues with their payroll. Unfortunately, one employee clicked on the link, giving access to the scammers and causing them to steal nearly $15 million in cryptocurrency.

Laws against pretexting

The EU has many laws to help companies protect user privacy which will help limit scams like pretexting.

The GDPR, for example, although it doesn’t explicitly mention pretexting, it states that companies must implement technical measures to protect data against unauthorized access, including scam techniques like pretexting.

Other laws come from the FTC, which formally prohibits the impersonation of government agencies or businesses, like copying a business’s logo or website without permission, a technique commonly used in pretexting.

Another law is the 2006 Telephone Records and Privacy Protection Act, which explicitly outlaws pretexting as a means to access customer information that a telecommunications provider holds.

How Internxt can help prevent pretexting scams

Internxt is dedicated to helping everyone stay protected online. Here’s how our secure suite of products and free tools can help you prevent pretexting and other online scams.

Internxt Drive, VPN, and Antivirus

Internxt Drive is a private, GDPR-compliant cloud storage service that uses zero-knowledge, post-quantum encryption to store and backup your documents, photos, and more in total privacy. Any information you want to store and keep safe from scammers will be totally protected with Internxt Drive.

On top of that, paid Internxt plans also come with a VPN, which can prevent scammers from intercepting your network and stealing your personal information.

If you suspect that you have been targeted by a pretexting scam or you suspect you’ve accidentally downloaded malware, Internxt Drive also includes an Antivirus. With it, you can run custom or full scans to remove malware from your device and keep your files safe.

Internxt also has Two-Factor Authentication to prevent pretexting scammers or other hacking attempts on your account. Plus, if you purchase any Premium or Ultimate plan, you will also get access to Internxt’s future products, Mail and Meet, once they’re released.

Get started with Internxt for just €9.99 a month from our website, or choose from any of our lifetime plans.

Free tools

Internxt also provides free tools to increase your online privacy and help prevent scams like pretexting. From the Internxt website, navigate to “Free Tools” at the bottom of the page and use any of these online privacy tools for free:

1. Password Generator: create strong passwords or passphrases to protect your accounts.
2. Password Checker: Ensure your password is strong enough to prevent brute force or dictionary attacks.
3. Temporary email: Keep your personal email safe by creating a temporary email to keep your email free from spam.
4. Dark web monitor: Check if your password, email, or other information has leaked online.
5. Internxt blog: Hundreds of articles about online privacy, tech trends, and online scams to increase your cybersecurity knowledge and prevent pretexting or other scams.

Subscribe to Internxt today for all the latest tech news, product updates, and get the first cloud storage with post-quantum cryptography!