An employee in your organization received a call from an individual claiming to be from the IT department. The caller stated they were conducting routine security checks and needed the employee's username and password to ensure his account is secure. The caller is exceptionally polite and knowledgeable about company protocols. Which type of social engineering attack is MOST likely occurring?
Pretexting involves the creation of a fabricated scenario designed to persuade a victim to release information or perform some action. In this case, the attacker is pretending to be a familiar and legitimate entity—such as an IT department representative—to gain the trust of the employee and obtain sensitive information. This is a common tactic where attackers carefully craft a believable story that seems legitimate to the victim.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is pretexting and how is it different from other social engineering attacks?
Open an interactive chat with Bash
Can you provide an example of another pretexting scenario?
Open an interactive chat with Bash
What steps can employees take to protect against pretexting attacks?