Pretexting is a type of social engineering attack in which the scammer manipulates their target into sharing private information or sending money by making up a story. Pretexting can occur on the phone, via text message, through email or in person. The goal of pretexting scams is typically to infect your device with malware, steal your money, breach private data and more.
Some examples of pretexting scams include business email compromise scams, grandparent scams, account update scams, romance scams, job offer scams, government scams and tech support scams.
Read on to learn more about the different kinds of pretexting scams through examples and how you can avoid becoming a victim of pretexting scams.
Business email compromise scams
Many pretexting scams target victims in their workplace. Business Email Compromise (BEC) scams involve a cybercriminal pretending to be a trusted figure within a company and sending an email requesting private information or money. The cybercriminal first has to conduct extensive research to learn about the company, its organizational structure, the target’s role and more. After determining who their target will be and what information to use, the cybercriminal emails the target pretending to be someone they know within the company, such as a coworker, manager or even the CEO. As a target of a BEC scam, you may receive an email that looks something like this:
Good morning,
I need you to send the credit card numbers of our top clients. I recently lost all the files on my computer, and I have a meeting I urgently need that data for today. Please send the credit card information by noon today.
Thanks,
Always be wary of someone asking you for sensitive information urgently, especially when it involves financial information. The goal of BEC scams is to steal information or money from a company by having the cybercriminal impersonate someone within the company to seem trustworthy.
CEO fraud
One type of BEC scam is CEO fraud, which is when an email or text message like the one above is sent from a cybercriminal pretending to be the CEO of a company. Cybercriminals use this scam to take advantage of the trust of their target by impersonating the highest role within a company. A common kind of CEO fraud scam is when cybercriminals ask their target to buy a certain number of gift cards worth a specific amount immediately. Cybercriminals hope their target will buy the gift cards and then share the card ID numbers, allowing the cybercriminals to redeem the money on the cards.
Email account compromise
Another type of BEC scam is Email Account Compromise (EAC). In this type of attack, a cybercriminal gains access to an employee’s email account and combs through their contacts to find valuable vendors and partners. After deciding who they want to target, cybercriminals send an email from the employee’s email account to request money.
Grandparent scams
Imagine you are a grandparent who receives a phone call from your grandchild. When you answer the phone, you hear the sound of your grandchild’s voice and they are panicked, asking you for money because there’s an emergency. You follow your grandchild’s instructions and send the money to them immediately to ensure your grandchild’s safety – except the voice you heard was not your grandchild.
Grandparent scams target elderly victims by creating concern with a story that their loved ones are in danger. Cybercriminals can now effectively use AI on phone calls to clone the voices of people familiar to the target by analyzing videos posted online. Since most elderly people are unaware of this advanced technology, they will believe that their loved one is truly in danger and send the scammer money.
Update account scams
If you have had an account for a while, you may have received an email that looks like this:
Dear Valued Customer,
We are updating the old version off your email account, Please confirm your email address to prevent your account from being deactivated.
Click below to continue using your mailbox.
If you do not update your email account, your account will bee permanently deactivated.
Many recipients of this email would immediately click the link to keep their email account active. However, there is a high chance that an email like this is actually an update account scam. If you look closely at the email above, you might notice a few key signs that indicate it is a scam:
- The email sender seems suspicious (name and email don’t match)
- The message is urgent and filled with threats
- The email contains grammatical and spelling errors
- The sender included a link or attachment
- The message requests sensitive information
At first glance, you may not notice the grammatical or spelling errors, but you can sense how urgently the sender wants you to click the suspicious link. This type of scam is designed to look real and urge you to act quickly, so targets are more likely to update their account, thereby giving the cybercriminal access to personal information.
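The checklist above can be turned into a simple mail-triage check. The following is an added example, not code from the original article: it parses a raw message and reports four of the five signs (spelling errors are left out because they need a dictionary). The `KNOWN_SENDERS` mapping, the headers and the URL in the sample are constructed for illustration; the body text is the email quoted above.

```python
import re
from email import message_from_string, policy

# Assumption: display names you already trust, mapped to their real domains.
KNOWN_SENDERS = {"example mail support": "examplemail.example"}

URGENCY = re.compile(r"\b(urgent(ly)?|immediately|permanently|deactivated|suspended)\b", re.I)
SENSITIVE = re.compile(r"\b(confirm your|verify your|password|credit card|social security)\b", re.I)
URL = re.compile(r"https?://[^\s>\"']+", re.I)

def scam_indicators(raw: str) -> list[str]:
    """Return which of the warning signs listed above a raw email shows."""
    msg = message_from_string(raw, policy=policy.default)
    found = []
    frm = msg["From"]
    sender = frm.addresses[0] if frm and frm.addresses else None
    if sender:
        # A familiar name sent from a domain other than the known one.
        expected = KNOWN_SENDERS.get(sender.display_name.strip().lower())
        if expected and sender.domain.lower() != expected:
            found.append("sender name and address do not match")
    part = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''}\n{part.get_content() if part else ''}"
    if URGENCY.search(text):
        found.append("urgent or threatening language")
    if URL.search(text) or next(msg.iter_attachments(), None) is not None:
        found.append("contains a link or attachment")
    if SENSITIVE.search(text):
        found.append("requests sensitive information")
    return found

# Constructed sample: headers and URL are made up, body is the email quoted above.
SAMPLE = """\
From: "Example Mail Support" <notice@examplemail-accounts.example>
To: user@examplemail.example
Subject: Account update required

Dear Valued Customer,
We are updating the old version off your email account, Please confirm your email address to prevent your account from being deactivated.
Click below to continue using your mailbox.
http://examplemail-accounts.example/confirm
If you do not update your email account, your account will bee permanently deactivated.
"""

if __name__ == "__main__":
    for sign in scam_indicators(SAMPLE):
        print("-", sign)
```

A message that trips several of these checks at once deserves a closer look before anyone clicks; a single hit on its own is common in legitimate mail.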
Romance scams
Everyone wants to fall in love, but you need to be careful who you trust online, especially on dating apps. Romance scammers will create a profile on dating websites and slowly build your trust by chatting with you often. Suddenly, they will claim they need money for an emergency, a plane ticket or some other expensive reason.
Many people fall for romance scams because these scammers really get to know you on an intimate level. By knowing what you care about, romance scammers, also known as catfishers, can gauge what you would be willing to send money for if they were a real romantic interest. It is important to look out for excuses that romance scammers may use, including reasons why they can’t meet you in person or chat with you over video call.
Job offer scams
Some jobs may sound too good to be true, so it’s important to consider the possibility of them being scams. Even on reputable online job boards like LinkedIn or Indeed, cybercriminals can still post illegitimate-looking job listings to steal your personal information. When you are looking for jobs online, you can identify a job offer scam through the following indicators:
- The company asks for your private information, like your Social Security number, before you have even gotten a job offer
- The company does not appear credible online, with a poorly made website or unverifiable address
- The job description is vague and contains grammatical errors
- The communication between you and the recruiter seems unprofessional
Always do your research and never share personal information when in the early stages of any hiring process, as you could be part of a job offer scam.
Government scams
A government scam happens when a cybercriminal pretends to work for the IRS or the government, and they try to convince you that you owe them money. A government imposter scammer could communicate with you over the phone, via text or through email to steal your identity or financial information.
If you receive a call from “the IRS” in a government scam, they will say that you owe them money for tax purposes and will threaten legal action against you if you do not pay them. Social Security scammers will most likely tell you that there is an issue with your account and that you need to give them your private information to receive your benefits.
Remember that government agencies generally communicate with you through letters unless you contact them first. Any contact through other mediums is most likely a government scam.
Tech support scams
Similar to government scams, the goal of tech support scams is to take your personal information or steal your money. To do this, cybercriminals convince you that your computer has security issues and they need to access your device remotely to fix the problems. They may claim that they need to run some diagnostic tests and that it may take a while. These scammers could also ask you to install applications to correct these issues. If you follow their instructions, these tech support scammers will gain access to your private information.
Signs of a pretexting scam
Now that you’ve learned some of the most common types of pretexting scams, here are some signs of pretexting scams in general:
- Sudden and urgent requests for personal information or money
- The offer is too good to be true (money, a vacation, gifts, etc.)
- Unsolicited phone calls, especially from a government agency
- Errors with grammar and spelling
How to avoid falling for pretexting scams
Even if some signs of pretexting scams may be difficult to notice, there are several ways to protect your personal information and money from scammers.
Use strong and unique passwords for each account
Create strong passwords for each of your accounts to ensure your information is not easily accessible to cybercriminals. By using unique passwords without any personal information like a pet name or birthdate, you will make it much more difficult for a cybercriminal to access your accounts.
Enable MFA when possible
Multi-Factor Authentication (MFA) is an additional security measure that you should take to protect your online accounts. When you enable MFA, you must provide extra proof of your identity to access your accounts. This will make it more challenging for pretexting scammers to gain access to your accounts, even if they have your login credentials, because they will be missing the additional form of authentication.
Block scam callers
If you answer a phone call from an unknown number and realize that it is a scammer, hang up and block the number. This will ensure that you don’t receive any calls from them in the future if they try to scam you again.
Never click on unsolicited links or attachments
Receiving unsolicited links or attachments can be harmless as long as you don’t click or download them. When you do click on suspicious links or attachments, you risk cybercriminals infecting your device with malware or accessing your personal information. It is best to delete the message altogether as soon as you recognize it is suspicious.
Don’t give out personal information
Whether it’s over the phone or via messages, do not give out your personal information. Even if you believe the person you are speaking to is trustworthy, like in grandparent scams, you should always be cautious.
Keep your digital footprint clean
There are a few easy things you can do to keep your digital footprint clean, which will lower your chances of getting targeted for scams:
- Delete any accounts you don’t use anymore
- Avoid oversharing on social media
- Update your privacy settings to reduce your digital footprint on different accounts or apps
Protect yourself from pretexting scams
While any kind of scamming is stressful and consequential, pretexting scams are especially concerning due to the pretext that cybercriminals develop to build your trust. Each of the pretexting scams described above targets vulnerabilities and specific audiences. After learning about the types of pretexting scams that occur most frequently and how to avoid becoming a victim, you should feel prepared to protect yourself and your private information.