What Are Pretexting Attacks: Scam Types and Security Tips?
- By Steven
- Published: Oct 04, 2024
- Last Updated: Nov 04, 2024
Have you ever received a text from someone you do not know? Did the message alarm you? Did it contain information about you and the people you know? Pretexting continues to be part of the global hacker's arsenal of tricks for manipulating victims. The attack typically tries to get the victim to click on malicious links, which can lead to identity threats, financial fraud, and extortion.
Preventing pretexting starts with security awareness training for users. Educating users on what to do when they receive a pretexting message helps reduce the attack surface within an organization and in the users' personal lives.
Another critical step in pretexting prevention is for users to leverage security monitoring services like IDStrong.com. IDStrong's monitoring services help users identify whether their personal information has been compromised.
What Is Pretexting?
Pretexting messages often reference a specific person found among the victim's social media likes or the people they follow. Frequently, pretext messages contain threats meant to strike fear in the victim. Pretext messages also contain embedded malicious links that redirect users to a rogue hacker site. These links can also deliver downloadable malware and rootkits that give the hackers access to the device.
Common Pretexting Attack Techniques
Pretext attacks built around romance scam messages have also become very popular among the hacking community. People continue to fall victim to romance scams.
"In 2022, nearly 70,000 people reported a romance scam, and reported losses hit a staggering $1.3 billion."
Impersonation
Impersonation attacks leveraging pretexting and social media continue to be common. Users receive messages from a hacker or scammer impersonating a friend, co-worker, or even a family member more often than most people realize. Users who suspect that a scammer is impersonating someone they know should take the following steps:
- Ask the person sending the message a personal question that only the real person would know the answer to.
- Call the number from which the text originated.
- Block the number.
Phishing with a Pretext
Pretexting is very similar to email phishing attacks. Hackers will leverage different email phishing techniques, including:
- Spear Phishing: Spear phishing targets specific people or a small group within an organization with a well-crafted message attempting to lure them to click on malicious links or disclose personal information.
- Whaling Phishing: Similar to spear phishing, scammers target CEOs, board members, and heads of state with specific content. They impersonate someone a high-level executive would know personally or professionally.
- Clone Phishing: Clone phishing continues to be a favorite among scammers. Scammers leverage previously stolen content from account takeover attacks and place actual content from a previous message into a well-crafted email to trick the user into thinking they are replying to an earlier correspondence.
These attack methods and others are also commonly used within pretexting attacks.
Baiting with False Scenarios
Attackers could send a simple invitation (with a malicious link) or attempt extortion by threatening to expose their victim if a ransom isn't paid. Another common baiting attack is a fraudulent pretext message impersonating Amazon. These messages present what looks like a product return link or QR code, which is designed to redirect users to a hacker site that asks them to change their account password.
Utilizing Publicly Available Information
Pretexting, similar to email phishing attacks, starts with social engineering. Hackers will trawl their victims' social media accounts, looking for valuable information they can use within a pretext or email message. Hackers will also Google their targets, looking for any news articles, blogs, and videos that refer to their next victim.
Phone Pretexting (Vishing)
Another prevalent attack vector scammers use is the vishing attack, where they call their victims directly. People receiving calls from unknown numbers need to block these calls. If a user accepts the call, they should hang up if the person on the other end of the line makes threats or demands personal information or money.
An excellent example of this type of attack vector includes someone posing as an IRS agent. The IRS conducts all its correspondence through the mail and rarely calls anyone on the phone.
The Psychological Manipulation Behind Pretexting
Various methods of pretexting target a single demographic group, such as older adults or people who live in a specific city. These pretexts are often tailored to manipulate their target group.
For example, the grandparent lure is a common pretext attack against older adults. This pretext uses impersonation to convince older adults that the scammer is a long-lost child or grandchild who has fallen on hard times and needs some money quickly.
Another example would be targeting someone in a poor district with a claim that they have money coming to them. All they need to provide is their full name, bank account number, and login information.
Exploiting Human Trust
Social engineering, email phishing, and pretext attacks prey on the human instinct to trust someone first. Hackers and scammers know this and target attacks against the groups most likely to trust first: students, older adults, recent immigrants, and known people from a foreign country.
Their messaging within their attack chain will vary between threats, charm, impersonation, or extortion. Scammers continue to be successful in using these attack techniques.
The Role of Cognitive Biases
Pretext messages are often crafted with cognitive psychological elements that prey on the victim's ability to process information. Messages that offer blind compliments to help gain the victim's trust, such as congratulating them on winning a contest or sending them a false offer letter for a job at Amazon or Google, are extremely common.
Using these cognitive bias techniques, the scammers hope the victims will drop their guard and reply according to the rogue instructions embedded within the message. Specifically, false job offers became very common during and after COVID-19. Cisco, Oracle, and Apple, along with other technology companies, went on a hiring spree.
Hackers following this market trend took advantage of the moment and sent out millions of false job offers, maliciously requesting the victim set up an account with their personal information. This hack exposed the victim's personal information.
Prevention and Protection Strategies from Pretexting Attacks
Preventing pretexting attacks is possible if organizations invest in critical cybersecurity tools, including security awareness training, attack simulation tools, and adaptive controls such as secure email gateway solutions.
Employee Training
Employee training ultimately becomes the most powerful tool in preventing pretexting. Cleverly written messages will get through the email security solution layer and end up in the user's inbox and on their devices. It is up to the user to identify the threat by reading the message. If the message includes misspelled words, poor word choice, bad grammar, or anything that comes across as threatening, the user should not reply. The user should forward the message to the SecOps team and report it as possible phishing and pretexting.
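The indicators described in this article (an unknown sender, threatening or urgent wording, requests for credentials, and a link that does not belong to the brand the message names) can also be checked automatically when a user forwards a message to SecOps. The following is an added example, not part of the original article; the keyword lists, the brand allowlist, the two-indicator threshold, and the sample messages are all assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed values for illustration; none of these lists come from the article.
BRAND_DOMAINS = {"amazon": {"amazon.com"}, "google": {"google.com"}}
THREAT_WORDS = ("expose", "arrest", "lawsuit", "suspended", "immediately")
SENSITIVE_ASKS = ("password", "bank account", "social security", "login")
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def on_domain(host, domains):
    """True only for an exact domain or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(message, known_sender=False):
    """Return the list of pretexting indicators found in one reported message."""
    urls = URL_RE.findall(message)
    text = URL_RE.sub(" ", message).lower()  # judge wording without the URLs
    findings = []
    if not known_sender:
        findings.append("sender is not a known contact")
    threats = [w for w in THREAT_WORDS if w in text]
    if threats:
        findings.append("threat or urgency: " + ", ".join(threats))
    asks = [w for w in SENSITIVE_ASKS if w in text]
    if asks:
        findings.append("asks for: " + ", ".join(asks))
    named = [b for b in BRAND_DOMAINS if b in text]
    for url in urls:
        host = (urlsplit(url).hostname or "").lower()
        for brand in named:
            if not on_domain(host, BRAND_DOMAINS[brand]):
                findings.append(f"names {brand} but links to {host}")
    return findings

def verdict(findings, threshold=2):
    """Two or more indicators: forward to SecOps (threshold is an assumption)."""
    return "report to SecOps" if len(findings) >= threshold else "no action"

# Constructed sample messages, not real captures.
SCAM = ("Amazon: your return was rejected. Change your password immediately "
        "at http://amazon-returns.example/reset")
LOOKALIKE = "Amazon refund ready: https://amazon.com.refunds.example/claim"
LEGIT = "Your Amazon order shipped: https://www.amazon.com/orders"

if __name__ == "__main__":
    for msg in (SCAM, LOOKALIKE, LEGIT):
        found = triage(msg)
        print(verdict(found), found)
```

The lookalike sample shows why the host comparison uses an exact or subdomain match: a hostname that merely begins with the brand's domain is still flagged.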
Verification Protocols
Another valuable technical control organizations should implement is two-factor or multifactor authentication. If a user falls victim to a pretext attack and their credentials are compromised, a second authentication factor will help block a hacker's attempt to access the victim's email account or files.
Use of Technology
Organizations must invest in artificial intelligence (AI) and machine learning (ML) defensive tools, employee education, and multifactor authentication. Hackers also leverage their version of AI and ML to create near-perfect pretext messages and email phishing content.
Platforms that leverage AI and ML, including cloud-based email security, extended detection and response (XDR), and zero-trust architectures, provide several protection layers to help users avoid being compromised by these attacks.
Pretexting and email phishing attacks will continue because they are practical and help hackers and scammers steal millions of dollars daily. Leveraging employee training and advanced cybersecurity defensive tools powered by AI and ML will help reduce the attack surface.
What Else is Available to Assist the User?
Users concerned that their email addresses, passwords, and identity, including their Social Security number, have become compromised should subscribe to IDStrong.com's service. IDStrong helps users validate whether their credentials have become compromised.