What is Pretexting in Cyber Security?

What is Pretexting in Cyber Security?

What is Pretexting in Cyber Security?

In cyber security, pretexting is often used to acquire sensitive information.

Pretexting is a form of social engineering, also known as “man in the middle hacking.” Social engineers create a convincing and credible person online to deceive individuals into providing personal information or access.

Pretexting Definition

Pretexting is the act of attempting to obtain sensitive information, create a false sense of trust and credibility, or trick an individual or organization into divulging their personal information or secrets. In essence, social engineers exploit the human desire to trust and be accepted while engaging in an activity that can result in personal gain.

Pretext means “an attempt” or “a false reason” for an action. To send a message and make it appear legitimate, it is necessary to establish a sense of credibility with the person receiving the message. For example, sending an email from a known and trusted source in another office could invoke trust, which increases the chances that the user will open and read the message. Within this scheme, pretexting is called “man in the middle.

Examples of Pretexting

Romance Scam

It is a situation where a hacker posing as a girl (not valid in some countries) or a boy keeps getting close to an individual, saying they are “seriously” interested in them. It allows the hacker to get close and personal information, such as links to personal websites, emails, and so on, which the hacker later uses.

Cryptocurrency Scam

It is a situation where the hacker pretends to be interested in cryptocurrencies and offers coins for free or at a low price. When asked to transfer the coin, they ask for the recipient’s cryptocurrency wallet information. The recipient does this, believing that this was a legitimate offer, having been asked by someone who–seemingly–worked for a legitimate company. In reality, however, this is a scam that allows the hacker to enter the person’s address and transfer crypto currency from their wallet without their knowledge.


It is a situation where the hacker makes it appear as if they are someone you know or someone from an organization. For example, the hacker can “impersonate” a person by using an email address similar to your friend’s or a known username in an online group or forum.

Whaling Attack

It is a situation where the hacker pretends to be an authority or a government official and tricks the subject into providing sensitive information or access.

How to Prevent Pretexting Attacks

To avoid being targeted by a pretexting attack, it is important to understand the methods employed by hackers. Several actions can be done to prevent being a victim of a pretexting attack, including:

  • Always check the sender’s email address, especially if sent from an unknown source. If the address is not familiar, do not open the message.
  • Always be suspicious of unsolicited emails and links from unknown sources. Do not click any links contained in questionable emails; instead, forward them to your IT department so they can ensure they are safe before proceeding.
  • If a link is provided to download a file or to access an account, carefully check whether the file has been altered and if it is authentic. Remember that most phishing attacks and scams come from seemingly authentic emails.
  • Review any website that you are directed to. Scammers will often post fake banking or government websites with links to websites that contain malicious content, some of which could infect your computer without your permission.
  • Ensure that any downloaded files are stored safely in a designated folder. Never save them on the desktop or in another easily accessible location.
  • Use anti-virus and anti-malware software to scan any attachments, links, or files before opening them.

For more information on the best ways to prevent pretexting and other social engineering attacks, read our guide.


Pretexting is a significant security threat because of its prevalence in today’s society. All individuals must be vigilant about behaviors that make a person appear untrustworthy. Cyber security professionals need to always have a certain level of skepticism and alertness, but it is also important for people not to be too aggressive when receiving unwanted attention.