This is your guide to pretexting, its types, a few real-life scams, and most importantly, how to avoid them.
There would be no poor on planet Earth had there been an easy way to riches.
But clearly, that’s not the case. So, people often get creative in tricking others out of their hard-earned money. These attempts can take many interesting forms, like romance, impersonation, cryptocurrency, and even a USB drive.
While there are different terms for such specific scams, there is a well-known category that encompasses them all: pretexting.
What is Pretexting?
Put simply, pretexting is creating a situation, often involving urgency, which tricks you into giving out critical information you otherwise wouldn’t.
But this is more complicated than just a random SMS. Based on the modus operandi, pretexting has several techniques as discussed below.
Phishing is the most common method, and many of us experience it once in a while. This involves getting emails, SMS, etc., asking you to click a link that either downloads malware or takes you to a spoofed website.
The former can result in anything from stolen sensitive information to a locked personal computer for which you must pay big sums to get access back.
On the other hand, a fake website can be an exact replica of the original and steal whatever information you enter, starting with the login credentials.
Vishing is a subset of phishing and uses voice calls. So, instead of emails, you might receive phone calls from people pretending to be support executives of the services you already use or of your bank.
Here, a victim can be intimidated or pressed with a sense of urgency to complete an action in order to continue using the services. Alternatively, the caller may offer a big amount, which the victim can only get after paying a ‘processing’ fee.
Scareware targets internet users who visit dubious websites or click a rogue email or SMS link. This is followed by a pop-up telling you that your system is infected and asking you to download a program for a free, thorough cleanup.
Now, who loves viruses? Nobody. However, downloading that ‘antivirus’ from that ‘popup’ can wreak havoc on your device, including installing spyware, ransomware, and whatnot.
Baiting uses curiosity and the urge to have something before others as the primary weapon to accomplish malicious intent.
For instance, a USB disk lying on the floor of a mid-sized company with untrained staff will catch some good attention. Next, someone picks up the free drive from the premises and plugs it into a company system, compromising that specific computer if not the entire network.
In addition, one can also spot an extremely good offer on an online platform that’s about to expire. A seemingly harmless click can again jeopardize not only a personal computer but also a whole institution.
So, these were some of the pretexting methods used for online attacks. Now, let’s check out how these mechanisms are cooked into genuine-looking real-life situations used to defraud many.
This is the most complicated of scams and hard to pinpoint. After all, who wants to lose the love of their life to petty suspicion, right?
Romance scams start with a stranger on a dating application. It can be a fake dating website created to capture the personal information of vulnerable, hopeless romantics. However, it can also be a legit dating website like Plenty of Fish with a fraudster masquerading as your ideal match.
In any case, things will generally move fast (but not always), and you will be happy to find your soulmate after all.
However, you will be denied video meets, and in-person dating will feel impossible due to the ‘circumstances.’ In addition, your chatting mate can also request to take the conversation off that dating website.
Moreover, these scams can result in the bad actor asking their partner to fund the travel for the in-person meet. Or, they can sometimes involve a hard-to-believe investment opportunity with eye-catching returns.
While romance scams have many flavors, the usual targets are gullible women looking for a reliable partner. Interestingly, another prime target is military personnel who are honey-trapped in online relationships and leak classified information.
Put simply, if your online partner is interested in anything other than just you, be it money or crucial information, chances are it’s a scam.
Impersonation is straight-up social engineering at its best. This one has fooled many, including CEOs of reputed companies and renowned universities.
Here the hacker acted smartly and gained access to the email credentials of one of Bitpay’s executives. Subsequently, the scamster emailed Bitpay’s CEO about settling a payment to their business client, SecondMarket. The fraud was discovered only when one of SecondMarket’s personnel was informed of the transaction.
Besides, Bitpay could never claim insurance as this wasn’t a hack but a classic case of plain and simple phishing.
However, impersonation can also take the route of intimidation.
In such cases, people receive threatening calls from ‘law-enforcement officials’ demanding an immediate settlement, with legal trouble as the alternative.
Impersonation can also be physical. For instance, you could have an unexpected visit from ‘technician(s)’ belonging to your internet provider to ‘fix certain things’ or for a ‘routine check’. You’re too shy or busy to ask for the details, and you let them come in. They compromise your systems or, worse, attempt an outright robbery.
Another common impersonation attack is CEO email fraud. It comes as an email that appears to be from your CEO and asks you to complete a ‘task’ which typically entails a transaction to a ‘vendor.’
The key to avoiding such attacks is to relax and not act hurriedly. Just try to manually verify the details of the call, email or visit, and you will probably save some good cash.
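For mail teams who want to automate part of that verification, here is a small header check for CEO email fraud. It is an added example, not from the original article; the company domain, executive name, keyword lists and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this sketch: your own domain, executive names and keyword lists.
COMPANY_DOMAIN = "example.com"
EXECUTIVES = {"jane doe"}
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "vendor")
URGENCY_WORDS = ("urgent", "immediately", "today", "asap", "confidential")

# Constructed sample messages (not real traffic).
SPOOFED = """From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: accounts@payments.test
To: finance@example.com
Subject: Urgent vendor payment

Please wire the invoice amount to the vendor today. Keep this confidential.
"""
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: finance@example.com
Subject: Team lunch

Lunch is on Friday at noon.
"""

def domain_of(header_value):
    """Return the lower-cased domain of the address in a From/Reply-To header."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def ceo_fraud_flags(raw_message):
    """Return the reasons a message should be verified out of band before acting."""
    msg = message_from_string(raw_message)
    display_name, _ = parseaddr(msg.get("From", ""))
    from_domain = domain_of(msg.get("From"))
    reply_domain = domain_of(msg.get("Reply-To"))
    body = "" if msg.is_multipart() else msg.get_payload()
    text = (msg.get("Subject", "") + " " + body).lower()
    flags = []
    if display_name.lower() in EXECUTIVES and from_domain != COMPANY_DOMAIN:
        flags.append("executive name on external address")
    if reply_domain and reply_domain != from_domain:
        flags.append("reply-to domain differs from sender")
    if any(w in text for w in PAYMENT_WORDS) and any(w in text for w in URGENCY_WORDS):
        flags.append("urgent payment request")
    return flags

if __name__ == "__main__":
    print(ceo_fraud_flags(SPOOFED), ceo_fraud_flags(LEGIT))
```

A request sent from a genuinely compromised mailbox, as in the Bitpay case, passes the two header checks, so a payment request still needs confirmation through a separate channel.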
It’s not an entirely new category, but just pretexting involving cryptocurrencies.
But since crypto education is still sparse, people tend to fall for this time and again. The most common scenario in such scams is an out-of-the-world investment opportunity.
Crypto scams can entrap one or more victims and can take time to deal the final blow. These plots may be staged by criminal organizations trying to lure investors into pumping their hard-earned money into Ponzi schemes.
And finally, the bad guys make off with people’s assets when the ‘coin’ reaches a considerable value, orchestrating what is known as a rug pull. What follows is the investors sobbing over millions of useless crypto with negligible market value.
Besides, another type of cryptocurrency scam can trick non-tech-savvy people into revealing their private keys. Once done, the scammer transfers the funds to another wallet. Owing to the anonymity of cryptocurrencies, tracing the stolen funds is often tough, and recovery becomes a pipe dream.
The savior here is research.
Try to verify the legitimacy of the team behind such developments. As a rule of thumb, don’t invest in new coins until they establish some market reputation and value. Even after everything, crypto is volatile and susceptible to scams. So, don’t invest if you can’t afford to lose it all.