pretexting know this important cyber threat

Social engineering is widely used by hackers to steal information and infect computers . There are many attacks that we can suffer on the network and therefore it is always advisable to bear in mind the importance of protecting systems and not making mistakes. In this article we are going to talk about what Pretexting is , one of those techniques that cybercriminals use to steal confidential data and put privacy at risk.

What is Pretexting, a cyber attack

We can say that Pretexting is a form of social engineering that hackers use to steal personal information. What the attacker is looking for is for the victim to give up confidential and valuable information or to access a certain service or system.

The attacker uses a pretext, a story, to deceive the user . They get in touch with the hypothetical victim and pose as someone with authority in order to collect sensitive and important information and data. The goal, at least what they say, is to help and prevent a problem.

Hackers can use Pretexting to attack private users as well as companies . It is usually common to request information to access bank accounts and private data. For example, they could pose as a bank asking the customer for information in order to verify their identity or resolve any incident.

The individual who gets the call or e mail may additionally accept as true with that it virtually is some thing severe, something that should have their interest. They consider the pretext they use and indicate sure sensitive facts that the attacker requests. For example tax statistics, account records, cope with ... All this could be used in opposition to you, to get entry to the bills or carry out some other attack.

What does the attacker need to carry out this threat called Pretexting? Basically the key is to have the victim's phone number or email , as well as information related to a service that he uses.

Take as an example a call to a customer of a bank . The attacker calls on the phone and speaks to you by name indicating that they suspect that there has been a fraudulent payment, an attempted theft or some incorrect access to the account. They ask the victim to provide certain information so that the person who calls, supposedly with authority, can confirm that everything is correct.

What the victim encounters is a person who would act as a customer service representative for that bank, for example, but who is actually playing a role. You are doing nothing more than impersonating your identity, making use of a pretext or story.

Staggered process in a Pretexting attack

Keep in mind that a Pretexting attack is not usually something direct in the first place. In other words, the caller would not directly ask the victim for the data. It is not usual. What he does is gradually gain trust . Start with questions to confirm your name, indicate the suspected problem, etc. Subsequently it asks for information and data until it reaches the most sensitive points, which could be the access code, for example.

This is how you can gain the trust of the unsuspecting victim and gather all the sensitive information you need. It could also instruct the user to download a program to solve a problem or access some kind of online service.

How the attacker gets the initial data

Now, once we have understood what a Pretexting attack consists of, we can ask ourselves how the attacker obtains the basic data that he is going to need. For example you would need to know our phone number, email and personal name.

This part is simple and can be obtained in a number of ways. Starting from the most basic over the Internet , you could know what our email is or even phone number if we have made a mistake in social networks or made that information public on an online platform.

He could even steal letters from a mailbox where personal data such as our name appear, some service that we have contracted and the like. This is the way they also know if we are subscribers of something in particular that they can use as a pretext for that call.

In short, Pretexting is a major threat on the Internet. Similar to Phishing, it also aims to access our accounts and collect all kinds of information. It is essential that we always maintain common sense and do not make mistakes.