An employee in your organization received a call from an individual claiming to be from the IT department. The caller stated they were conducting routine security checks and needed the employee's username and password to ensure his account is secure. The caller is exceptionally polite and knowledgeable about company protocols. Which type of social engineering attack is MOST likely occurring?
Pretexting involves the creation of a fabricated scenario designed to persuade a victim to release information or perform some action. In this case, the attacker is pretending to be a familiar and legitimate entity—such as an IT department representative—to gain the trust of the employee and obtain sensitive information. This is a common tactic where attackers carefully craft a believable story that seems legitimate to the victim.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are common tactics used in pretexting attacks?
Open an interactive chat with Bash
How is pretexting different from phishing?
Open an interactive chat with Bash
What are some ways organizations can prevent pretexting attacks?