Pretexting

Pretexting is a way to gain passwords. Read this article, which explains the steps involved in pretexting.

Train employees not to give away passwords. One of the primary methods that is used to steal passwords is to simply figure them out by asking the users or administrators. Pretexting occurs when an attacker calls a helpdesk or security administrator and pretends to be a particular authorized user having trouble logging in. Then, by providing some personal information about the authorized user, the attacker convinces the security person to reset the password and tell him what it is. Another way that employees may be tricked into giving away passwords is through e-mail phishing. Phishing occurs when a user receives an e-mail that looks as if it is from a trusted source, such as their bank, or their employer. In the e-mail, the user is asked to click a link and log in to a website that mimics the genuine website and enter their ID and password, which are then captured by the attacker.

Source: David T. Bourgeois, https://bus206.pressbooks.com/chapter/chapter-6-information-systems-security/
Creative Commons License This work is licensed under a Creative Commons Attribution 4.0 License.

Last modified: Thursday, April 15, 2021, 2:51 PM