Definition:
A type of social engineering technique that manipulates victims into divulging information. A pretext is a made-up scenario created for the sole purpose of scaring a victim into giving up their personal data.
Examples:
Impersonation, tailgating, piggybacking, baiting, scareware
Tailgating is not what you think it is: imagine the security guard opens the door for himself and you stick your foot in the door when he leaves.
Pre-texting attacks occur when the attacker researches their target to create a truthful-sounding background that makes them more credible and gains the trust of the victim. For example, they may impersonate a CEO, a member of the technology department, a bank, or part of a government agency.
Pre-texting is a dangerous attack method, as it preys upon an existing relationship between the attacker and the victim. Pre-texting relies on the trust relationship that a user is tricked into believing in.
Ways to defend against a pre-texting attack:
avoid sharing personal information
do not click on links sent by email
cancel requests for help from a company that you have not requested help from
find out who has access to your data at work and ensure it is secure
do not open emails from an unknown source
secure your computer with antivirus and antimalware software
train employees on how to recognize social engineering and respond appropriately to pre-texting scenarios
avoid sharing any personal information on social media
Verify, verify, verify! Identities, requests, etc.
The best defense against a pre-texting attack is questions! Ask questions to verify what is being said, and follow up with other individuals in your organization to ensure accuracy. Finally, if something "feels" funny, it probably is!