An Overview of Social Engineering

3.3. Pretexting Attacks

Pretexting attacks consist of inventing fake and convincing scenarios in order to steal a victim’s personal information. They are based on pretexts that make the victim believe and trust the attacker. The attack is performed via phone calls, emails, or physical media. Attackers use publishing information on phone books, public web pages, or conferences where collaborators in the same field meet to carry out their attack. The pretext may be an offer to perform a service or to get a job, asking about personal information, helping a friend to get access to something, or winning a lottery.