What is Pretexting in cyber security?

"Have you ever received a scam email?"

If yes, then understand that someone is trying to make you prey on a pretext which is very common in social engineering nowadays.

Pretexting in cyber security is when scammers gain access to sensitive data and personal accounts under false pretexts. For example, they often contact their victims via phone calls, emails, and texts and work to gain their trust to get them to hand over private information.

How does Pretexting work in cyber security?

Pretexting is a major issue in the cyber security industry since scammers often use digital means of communication, such as email, to entice their victims. There are a number of techniques used by an attacker to persuade a victim to give up important information or access to a service or system. In order to acquire the trust of the victims. This usually involves creating a story to fool the victim. According to data from National Cyber Security Centre (NCSC), there were 14 million scams reported which has resulted in 100 thousand scams being removed across 184,000 URLs.

Types of Pretexting in cyber security:

The Fake Invoice Scam

One of the common pretexts in Cyber Security is the fake invoice. Fake invoice scams target business owners and employees. An email can be sent to a high-level executive claiming to be someone within the organization. Typically, hackers use fake invoices to trick businesses into paying for products or services they ordered or that didn’t exist. Products and services might include tangible items and intangible items such as supplies, and consulting services and those could be referred to as renewals or add-ons to distract a victim. The invoice looks official, it might include a business logo, the name, the address and even payment remittance details. Sometimes, the email will include an attachment with malware, which when opened can affect the whole system.

Email Account Upgrade Scam

The email account upgrade can be sent from any well-known company like Microsoft and Google or just from your company’s IT department, threatening that your account will expire if no action is taken right away. In this type of scam, there might be no obvious grammatical mistakes, no complex queries and the link itself would appear to direct to a safe “HTTPS” web page for an unsuspecting user.

Unusual Activity Scam

When you receive an email or text stating that there has been “suspicious activity on your account”, you need to be fully alerted. This is another example of pretexting in cyber security where an unusual activity scam can come from.

How to prevent pretexting in cyber security?

• Make sure people processing invoices or answering phone calls are aware of potentially falsified invoices.
• Ensure team members who pay bills are aware of what bills they should expect to receive, from which vendors and for what products & services
• Be aware of suspicious links, especially if the process for an existing vendor changes
• Be wary of changes to vendor payment or bank information, especially if they’re an existing vendor
• Verify that all goods or services were ordered and delivered prior to paying an invoice

Also, please always ask yourselves:

Does the email or invoice have poor English or grammar?

Does the requested amount make sense for the product or service?

Does the email text pressure you to pay immediately?

Does the vendor’s email address match the contact information?

If you're looking to conduct a thorough and professional cybersecurity audit, Swiftcomm can help. You’ll receive your own cybersecurity account manager, and our support is available 24/7. You do your best and Swiftcomm does the rest.