Pretexting

Threats ⚠️ • Social Engineering 👥 • Sec+ Glossary 📖 • Security+ 02 • Difficulty: premium

What is Pretexting?

Pretexting is a social engineering technique in which an attacker invents a believable identity, role, or situation in order to gain trust and persuade a target to reveal information, grant access, or perform an action.

Examples

An attacker pretends to be a help desk technician and asks an employee to confirm account details for a supposed support ticket.
A caller poses as a bank representative and convinces a victim to provide personal information under the claim that suspicious activity must be investigated.

Discover 🔎

Many attacks do not begin with malware or technical exploitation. They begin with a story. If the attacker can make the story believable enough, the victim may hand over information, approve a request, or bypass normal checks without realizing that anything malicious is happening.

That is the essence of pretexting. The attacker does not rely only on pressure or urgency. They create a false scenario that makes the request seem reasonable. The success of the attack depends on how convincing that invented situation feels to the target.

Remember: In pretexting, the lie is structured. The attacker is not just asking for something—they are building a believable reason why the target should cooperate.

Summary 📝

Pretexting is a social engineering method that relies on an invented identity or believable scenario to gain trust and influence the target’s actions. Its strength lies in context: the request feels normal because it appears to belong to a real role or routine situation. Strong defense comes from verification, disciplined process, and a workplace culture that does not treat a convincing story as enough evidence by itself.

Open the interactive lesson Browse more topics

Tip: The interactive version includes progress tracking, decks, and premium deep dives.