An employee receives a phone call from an individual claiming to be a member of the IT department's security audit team. The caller explains that due to a recent security incident, they are verifying all user credentials. The caller uses a professional tone, refers to a non-existent ticket number, and asks the employee to provide their username and password for verification. Which social engineering technique does this scenario BEST describe?
This scenario is a classic example of pretexting. Pretexting involves an attacker creating a believable, fabricated scenario (the pretext) to manipulate a victim into providing sensitive information. In this case, the pretext is a security audit by a fake IT department member. Phishing is incorrect as it typically refers to attacks via email. Smishing is incorrect as it involves attacks via SMS text messages. A watering hole attack is incorrect as it involves compromising a website that targets are known to frequent.