Pretexting can occur anywhere at any time, so it’s important to understand what it is and ways you can protect employees from it. You can protect your organization from pretexting by not clicking on unsolicited links, not sharing personal information online and by educating employees on pretexting techniques.
Read on to learn more about pretexting and the techniques used by cybercriminals to get victims to reveal sensitive information.
What is Pretexting?
Pretexting is a type of social engineering attack in which a cybercriminal makes up a story to convince the victim to reveal sensitive information that’ll give the cybercriminal unauthorized access to systems.
Pretexting can occur in many forms, including in person, over a phone call or through a text message. The cybercriminal will attempt to build a relationship with the victim to come across as more convincing. They’ll oftentimes use the information they find online about the victim to convince them that they are who they say they are. They’ll use the victim’s previous job history, current employment and more to convince the victim that they can be trusted.
Types of Pretexting Techniques
There are many types of pretexting techniques that cybercriminals will use to get victims to reveal sensitive information and gain unauthorized access to systems. Here are a few of the many pretexting techniques that cybercriminals use.
Piggybacking
Piggybacking is one type of pretexting technique where the cybercriminal attempts to gain access to a network, system or physical building. Cybercriminals can gain access to a network or system when the WiFi being used is unsecured. In person, cybercriminals can gain access to the building by using the kindness of an employee to make it past an open door.
It can be particularly dangerous if a cybercriminal makes it into a building where many employees are oftentimes stepping away from their devices while they’re still logged in. The cybercriminal can easily step in and steal sensitive information with just a few clicks.
The purpose of a cybercriminal using the piggyback technique is to gain access to a network or a physical building so that they can carry out malicious activities.
Tailgating
Tailgating is similar to piggybacking, but there is one major difference that sets them apart. Tailgating, like piggybacking, involves cybercriminals attempting to gain access to a physical building they don’t have access to, but what makes tailgating different is that cybercriminals will gain access to a building without other people knowing. Cybercriminals may slip through an open door just as it’s closing, making it seem as though they gained authorized access to the building. Using the tailgating technique makes employees unaware of who just made it into the building – placing all company data at risk of being breached.
Phishing
Phishing is one of the most popular pretexting techniques. In the third quarter of 2022, the Anti-Phishing Working Group (APWG) reported a total of 1,270,883 phishing attacks, which they claim to be a new record.
A phishing attack aims to persuade the targeted individual to disclose sensitive information such as credentials, credit card numbers and so on. Phishing attempts are usually disguised in the form of an urgent email that claims to come from a trusted source. The goal of a phishing attack is to make the targeted individual take immediate action by opening an attachment or link without second guessing. Clicking on unsolicited links and attachments can trigger malware infections, placing all your information at risk.
Vishing
Vishing is like a phishing attack but more sophisticated and effective. Vishing is when an actual person calls you and claims to be someone they’re not. The goal is the same as a phishing attack – getting the targeted individual to disclose sensitive information that they can then use for their own malicious purposes.
Ways to Protect Yourself and Your Organization from Pretexting
Keep yourself and your organization protected from being victims of pretexting by following these tips.
Don’t click on unsolicited links or attachments
If you receive an email or text message that you’re not expecting, avoid clicking on any links or attachments. As mentioned, clicking on them can lead to a malware infection – giving the cybercriminal access to all your information.
Don’t share personal information online
Nowadays, we have a lot of social media platforms and it can be tempting to share your entire life and experiences on there – but make sure you’re doing it with caution. Refrain from sharing any personal information that cybercriminals can use against you in person or online.
Just as important as being wary of what you share online, it’s also important to be cautious of people asking you to reveal personal information. When someone asks you for information that is personal or sensitive, question why they need to know.
You are not obligated to reveal sensitive or personal information to people you do not know, so never feel pressured to do so.
Train employees on being able to identify pretexting techniques
Pretexting techniques such as piggybacking and tailgating can happen in real time. Make sure your employees always look behind them when walking into the office building, so that no one unauthorized enters. You may even consider adding personnel to the lobby of your buildings to prevent unauthorized people from passing through.
Apart from the pretexting techniques that occur in person, it’s also important that employees are aware of all other pretexting techniques such as phishing and vishing. One way you can do this is by implementing phishing training for your organization. Phishing training can help employees identify phishing emails so they know what to keep an eye out for. One security awareness training program is KnowBe4. KnowBe4 is a training program that you can implement in your organization that has various learning modules for employees and also sends out simulated phishing emails so that employees can become confident identifying them.
Get a business password manager
When it comes to pretexting, one of the most important cybersecurity solutions you can implement to keep company data secure is a password manager for businesses. A business password manager is a tool that allows you to enforce employee password requirements while also storing them securely. A password manager allows you to share sensitive information and credentials securely without placing them at risk of being compromised.
If your organization were to ever become a victim of pretexting, a password manager makes it easy to secure your accounts by allowing you to generate new strong, unique passwords for each of them so that no further damage can be done.
Stay Protected Against Pretexting
Pretexting techniques are easy to fall victim to because of the social engineering aspect, but keeping employees aware of the dangers and telltale signs of pretexting techniques can prevent them from falling victim.
Making sure your employees know the risks of sharing personal information online can make all the difference in keeping your entire organization safe. Invest in a cybersecurity solution like Keeper so that your sensitive data is always secured – get Keeper for your business today.