July 15, 2023

By Burton Kelso
The Technology Expert

The hits just keep coming, don’t they? There always seems to be some new sort of cyber attack that threatens the security of our office and home computers.

The latest scam you need to worry about is Pretexting, which is a form of social engineering tactic that involves criminals creating a fake identity or situation to gain your trust and get access to your sensitive information or access to your systems. These attacks can be carried out in person, over the phone, or online and the focus of the correspondence is usually tailored to the victim’s specific interests or needs. Here’s what you need to know.

For several years, cyber crooks have used social engineering for online attacks rather than trying to break their way into your computers and devices. Social engineering covers a broad range of malicious activities such as phishing, baiting, smishing, emergency scams, and vishing. Criminals have figured out for the most part we are inclined to trust strangers, especially if they establish themselves as a trusted resource or partner. Social engineering attacks affect everyone. From your grandmother to people working for multi-million dollar companies. The bonus for criminals, it’s cheaper for them to create scams that are designed to trick you out of your money or information.

So What is Pretexting? Pretexting is a form of a social engineering attack where the crook creates a scenario or a story to charm you or shock you into disclosing sensitive and valuable information such as your bank details, social security number, and other sensitive information that enables the perpetrator to gain access to systems and services that you are subscribed to.

How Does Pretexting Work? Before they call you, the attacker will have carried out extensive research on you. They will often use the Internet and leaked personal data from previous data breaches to establish their authenticity. The data they collect also helps them create a credible story that leaves little room for you to doubt them and helps to establish trust and build rapport with you. The attacker will provide you with aspects of your personal information such as your job title, home address, job location, phone number, work history, and credit card information. The attacker typically creates a sense of criticality by pretending to need your confidential information to perform a crucial task. Since they already have some of your personal information, they will claim to need more of your personal information to confirm their identity. Pretexting can take place in the form of a phone call or an email.

How Can You Spot a Pretexting Attack? Criminals who want to pretext you go to great lengths to develop a story that will deceive you. This makes these attacks more difficult to detect. However, there are red flags that can help you identify these scams before you become the victim of a larger attack.

Unusual Requests: You may receive a text, email, or phone message that follows normal communication routes and conversation styles. Yet, the red flag goes up when the request is out of the ordinary. Any request that requires sensitive information, the transfer of funds, or unusual downloads should be considered suspicious.

Spoofed Websites and Emails: If an attacker doesn’t have access to a legitimate website, they’ll be forced to send communications from an unknown email. To remain discreet, they’re likely to use a similar email or URL domain. In these instances, the sender’s email or a linked URL may include easy-to-miss spelling errors.

Urgent Language: While a pretext will go to great lengths to convincingly impersonate a trusted source, they are likely to work to complete the attack as quickly as possible. To accomplish this, the request is likely to include a time frame or language like ASAP, “immediately”, or “right away”. The message may also include reasons why a delay is catastrophic.

False Familiarity: A pretexting attack may open with casual communications like “Are you free right now?”, “I need your help”, or “Can you do me a favor?”. The correspondence is likely to include your name or the names of people you know to create familiarity. Only after establishing trust, the attacker will reveal the request for money or sensitive information.

How to Verify a Potentially Dangerous Request

Pretexting attacks include extensive research that allows the attacker to masquerade as a trusted source. These tips can help you successfully verify a request instead of engaging in more communication with an attacker.

Check an email or text for pretexting red flags mentioned above.

Avoid responding to the request or taking actions like clicking links or downloading attachments.

Contact the sender through an alternate communication method for verification. Instead of responding to the request, make contact with the legitimate source and explain the situation. Ask for verification of the original request before taking further action.

How to Avoid Pretexting. It’s almost impossible to avoid becoming the target of a cyberattack. However, there are steps you can take to keep your information secure and be a less willing target. Limiting the amount of information hackers are able to obtain and taking certain precautions can help you avoid the damages caused by pretexting scams. Take these steps to protect your personal information and financial assets from the investigative techniques of attackers.

Visit www.haveibeenpwnd.com to see if your information such as your phone number and email addresses are out on the dark web. Criminals get your information from data breaches that occur without your knowledge.

Stop sharing your mobile number and email with everyone. The best practive is to only share your mobile number with close family and friends and create a private email for those close to you and one that you share with the public.

Create office policies surrounding the limits of information employees can share on social media about their organizational roles.

Avoid sharing personal and financial information online.

Educate yourself and your co-workers about the techniques used in social engineering attacks.

Examine the email or text for red flags (like urgent language, spoofed websites, and suspicious requests) indicating an attack.

Don’t click on links in an unverified email or text or download attachments.

Report all cyberattack attempts to the proper officials like local authorities and the Federal Trade Commission (FTC).

Hopefully, this article has given you the information you need to stay safe from the dangers of Pretext scams. If you think you’re being targeted, don’t hesitate to reach out. If you need further assistance, please reach out to me with any questions you might have. I am always happy to help!

Want to ask me a tech question? Send it to burton@callintegralnow.com. If you prefer to connect with me on social media, you can find me on Facebook, Instagram, LinkedIn, and Twitter and watch great tech tip videos on my YouTube channel. I love technology. I’ve read all of the manuals and I want to make technology fun and easy to use for everyone! If you need on-site or remote tech support for your Windows\Macintosh, computers, laptops, Android/Apple smartphone, tablets, printers, routers, smart home devices, and anything that connects to the Internet, please feel free to contact my team at Integral. My team of friendly tech experts are always standing by to answer your questions and help make your technology useful and fun. Reach out to us at www.callintegralnow.com or phone at 888.256.0829.