This is your guide to pretexting, its types, a few real-life scams, and, most importantly, how to avoid them.
There would be no poor on planet Earth had there been an easy way to riches.
But clearly, that’s not the case. So, people often get creative in tricking others out of their hard-earned money. These attempts can take many interesting forms, like romance, impersonation, cryptocurrency, and even a USB drive.
While there are different terms for such specific scams, there is a well-known category that encompasses them all: pretexting.
What is Pretexting?
Put simply, pretexting is creating a situation, often involving urgency, which tricks you into giving out critical information you otherwise wouldn’t.
But this is more complicated than just a random SMS. Based on the modus operandi, pretexting has several techniques as discussed below.
Phishing is the most common method many of us experience once in a while. This involves getting emails, SMS, etc., asking to click a link that either downloads malware or takes you to a spoofed website.
The former can result in anything from stolen sensitive information to a locked personal computer for which you must pay big sums to get access back.
On the other hand, a fake website can be an exact replica of the original and steal whatever information you enter, starting with the login credentials.
Vishing is a subset of phishing and uses voice calls. So, instead of emails, you might receive phone calls from people pretending to be support executives of the services you already use or to be calling from your bank.
Here, a victim can be intimidated or given a sense of urgency to complete an action in order to continue using the services. Alternatively, the caller may offer a big amount, which the victim can only get after paying a ‘processing’ fee.
Scareware happens to internet users trying to visit dubious websites or clicking a rogue email or SMS link. This is followed by a pop-up claiming that your system is infected and asking you to download a program for a free, thorough cleanup.
Now, who loves viruses? Nobody. However, downloading that ‘antivirus’ from that ‘popup’ can wreak havoc on your device, including installing spyware, ransomware, and whatnot.
Baiting uses curiosity and the urge to have something before others as the primary weapon to accomplish malicious intent.
For instance, a USB disk lying on the floor of a mid-sized company with untrained staff will catch some good attention. Next, someone picks up the ‘free’ drive from the premises and plugs it into the company system, compromising that specific computer if not the entire network.
In addition, one can also spot an extremely good offer on an online platform that’s about to expire. A seemingly harmless click can again jeopardize not only a personal computer but also a whole institution.
So, these were some of the pretexting methods used for online attacks. Now, let’s check out how these mechanisms are cooked into genuine-looking real-life situations used to defraud many.
Romance scams are the most complicated of scams and hard to pinpoint. After all, who wants to lose the love of their life to petty suspicion, right?
Romance scams start with a stranger on a dating application. It can be a fake dating website created to capture the personal information of vulnerable, hopeless romantics. However, it can also be a legit dating website like Plenty of Fish with a fraudster masquerading as your ideal match.
In any case, things will generally move fast (but not always), and you will be happy to find your soulmate after all.
However, you will be denied video meets, and in-person dating will feel impossible due to the ‘circumstances.’ In addition, your chatting mate can also request to take the conversation off that dating website.
Moreover, these scams can result in the bad actor asking their partner to fund the travel for the in-person meet. Or, they can sometimes involve a hard-to-believe investment opportunity with eye-catching returns.
While romance scams have many flavors, the usual targets are gullible women looking for a reliable partner. Interestingly, other prime victims are military personnel who are honey-trapped in online relationships and end up leaking classified information.
Put simply, if your online partner is interested in anything other than just you, be it money or crucial information, chances are it’s a scam.
Impersonation is straight-up social engineering at its best. This one has fooled many, including CEOs of reputed companies and renowned universities.
Otherwise, how would you explain the CEO of Bitpay being tricked out of 5,000 Bitcoins ($1.8 million at that time) with just an email?
Here the hacker acted smartly and gained access to the email credentials of one of Bitpay’s executives. Subsequently, the scammer emailed Bitpay’s CEO about settling a payment to their business client, SecondMarket. The fraud was discovered only when one of SecondMarket’s personnel was informed of the transaction.
Besides, Bitpay could never claim insurance as this wasn’t a hack but a classic case of plain and simple phishing.
However, impersonation can also take the route of intimidation.
In such cases, people receive threatening calls from ‘law-enforcement officials’ demanding immediate settlements under the threat of legal trouble.
In Boston (Massachusetts, US) alone, impersonation caused damages up to $3,789,407, with over 405 victims in 2020.
However, impersonation can also be physical. For instance, you could have an unexpected visit from ‘technician(s)’ belonging to your internet provider to ‘fix certain things’ or for a ‘routine check’. You’re too shy or busy to ask for the details, and you let them come in. They compromise your systems or, worse, attempt an outright robbery.
Another common impersonation attack is CEO email fraud. It comes as an email from your CEO and asks you to complete a ‘task’ which typically entails a transaction to a ‘vendor.’
The key to avoiding such attacks is to relax and not act hurriedly. Just try to manually verify the details of the call, email or visit, and you will probably save some good cash.
Crypto scams are not an entirely new category, but just pretexting involving cryptocurrencies.
But since crypto education is still sparse, people tend to fall for this time and again. The most common scenario in such scams is an out-of-this-world investment opportunity.
Crypto scams can entrap one or more victims and can take time to deal the final blow. These plots may be staged by criminal organizations trying to lure investors to pump their hard-earned money into Ponzi schemes.
And finally, the bad guys make off with people’s assets when the ‘coin’ reaches a considerable value, orchestrating what is known as a rug pull. What follows is the investors sobbing over millions of useless crypto with negligible market value.
Besides, another type of cryptocurrency scam can trick non-tech-savvy people into revealing their private keys. Once done, the scammer transfers the funds to another wallet. Owing to the anonymity of cryptocurrencies, tracing the stolen funds is often tough, and recovery becomes a pipe dream.
The savior here is research.
Try to verify the legitimacy of the team behind such developments. As a rule of thumb, don’t invest in new coins until they establish some market reputation and value. Even after everything, crypto is volatile and susceptible to scams. So, don’t invest if you can’t afford to lose it all.
Interested in knowing more? Check this crypto scams guide by Bybit.
How to Fight Pretexting
Detecting pretexting isn’t easy, and the education you need to defend against it can’t be a one-time effort. The people responsible for these scams constantly evolve their defrauding mechanisms.
Even so, the core of such methods remains the same, and you can take note of the following pointers for a head start.
#1. Learn to say NO!
Most people suffer from this urge to cooperate with strange emails and phone calls even when deep down they know something’s up.
Respect your instincts. You can consult your peers before doing anything sensitive, like sharing bank account details, transferring money, or even clicking a suspicious link.
#2. Train your workforce
It’s human nature to forget. So, a single warning at the time of joining won’t do much good.
Instead, you can conduct monthly scam drills to ensure your team stays abreast of such tactics. Even a weekly email about the latest pretexting attacks will do a great service to the cause.
#3. Invest in a Good Antivirus
Most of the time pretexting involves the use of dodgy-looking links. Therefore, it becomes much easier if you have a premium antivirus to take care of such attacks.
They have central databases sharing intel and sophisticated algorithms doing the hard work for you.
Besides, if a link doesn’t seem click-worthy, look it up in a search engine instead of clicking it directly.
#4. Textbooks and Courses
While the internet is full of useful (and bad) advice to avoid pretexting, some prefer the conventional way of learning. In this case, there are a few helpful books:
|Title|Price|
|The Social Engineer’s Playbook: A Practical Guide to Pretexting|$17.09|
|A Gentle Introduction to Social Engineering Attack and Prevention|$4.43|
Such sources are especially useful for a thorough self-paced education which also won’t add to your screentime.
Another option that is particularly suited for your employees is Udemy’s social engineering course. The prime merit of this course is the lifetime access and the availability on mobile and TV.
This course covers digital and physical pretexting, including psychological manipulation, attack techniques, non-verbal communication, and more, which will be helpful to newbies.
Wield The Knowledge Shield!
As already stated, these con artists find new ways to fool an average internet user. However, they can also target the savviest of people.
The only way forward is education and sharing such incidents with peers on social media platforms.
And you will be surprised to know fraud is now commonplace in the metaverse too. Check out how to avoid fraud in the metaverse and take a look at this guide to join and access the metaverse if you’re new to these strange computer worlds.