What are Pretexting Scams?

Business data and assets are valuable and sought-after by cybercriminals. Every year, they become more creative with their methods and workarounds as new techniques emerge to prevent cyber scams. So, what is pretexting in cybersecurity?

A pretexting attack is a social engineering technique in which attackers take advantage of established trust with someone inside a business to gain information or access. There are many ways to accomplish this, and unlike most other scams, pretexting has both real-world and digital methods.

Read on to learn about common pretexting techniques, examples, and prevention tips.

What are Pretexting Attacks and What are Their Spreading Mechanisms?

Pretexting attacks are dangerous to businesses everywhere, and not all of them start at the computer. These attacks are carefully planned and set up beforehand, either in the real or cyber world.

Pretexting attacks include inventing or leveraging a scenario or situation. Scammers lure victims into vulnerable positions, convincing them to open the “doors” of sensitive information or system access. The target thinks they’re divulging confidential info or handing over access to mitigate a perceived threat in the pretext or scenario created by the attacker.

The best way to prevent these social engineering attacks is to understand the methods and how they work. Here we’ll cover various techniques attackers use to execute a pretexting attack.

Impersonation
Impersonation attacks require extensive groundwork. While highly effective, this scam type takes lots of work on the attacker’s end. It starts with researching the target and their contacts.

Scammers learn habits, grammar usage, and text voice to impersonate a target’s contact. They invent a believable story (the pretexting component), put it in a typed message or email, and hope to fool the target successfully.

Piggybacking
Piggybacking requires far less research on the attacker’s part. They only have to find a target who is willing to help.

With piggybacking, scammers fool their targets into believing they need help for one reason or another. That invented need is the pretexting portion of the attack. Whether the attacker “misplaced a security card” or is “moving heavy packages into the building,” there’s some reason for them to ask for help.

Cybercriminals use this technique to bypass security controls on computers and other devices, or even to get into locked rooms and buildings. All they need to do is find a target with sufficient clearance who is happy to help.

Tailgating
Tailgating is very similar to piggybacking. It is a pretexting attack in which the victim isn’t aware of the attacker at all. The goal is to use a target’s clearance without interacting with them. Sticking a foot in the door, remembering the four-digit code the victim punched in, and so on are all ways to execute a tailgating attack.

The planning, then, becomes less about the targeted individual and more about the location around them. The attacker must be aware of any and all witnesses that could spoil their “fun.”

The pretext comes into play during preparation or if the attacker is challenged. Say they chose to wear a handyman uniform: once they’re in, they have a believable story ready.

Baiting
With baiting, attackers do very little research on specific individuals. They focus more on the targeted company. Baiting is a fairly hands-off trap. Once an attacker plants the bait, they wait for someone to interact with it. As such, extensive planning goes into what type of bait will likely have the most success.

For example, suppose the pretext is built around an ordinary office environment.

If projects and files are routinely left around the workplace on flash drives, it’s easy to load malware onto one, disguise it with a company logo, and leave it lying on a table. Once an employee inadvertently plugs the drive into a company computer, the malware runs and attackers can access business assets and manipulate data as they please.

Phishing
We’ve talked a lot about phishing on our blog. Email is built so that anybody can send anything (text, attachments, URLs, etc.) to anyone. This results in very little moderation of what’s sent.

Whether the attacker emails a large number of people or initiates a spear-phishing or whaling attack, they use some pretense to “phish” for victims. In general, pretexting in cybersecurity is the scenario malicious actors use to trap their victims.

It could be anything from a request from a coworker to a story about a Nigerian prince that left you wealth. Phishing is similar to baiting; only you receive the “bait” via email.

Pretexting Examples in Messages

There are hundreds of examples of pretexting in emails and messages. If attackers can get away with malicious communication without consequence, then how do you prevent pretexting attacks at all? While not foolproof, you can at least be on the lookout for red flags. Pretexting scenarios often start with small talk. Here are a few pretexting attack examples:

  • “Hey, are you available?”
  • “It was great seeing you last week!”
  • “I was planning a surprise for Amy. Want to help?”

These are the kinds of openers scammers typically use to create an immediate air of familiarity and trust. Even with the bare minimum of research, attackers can twist easily accessible information about a person to seem like they know them.

Once that slight bit of trust is established, they’ll send in the hook. They’ll ask for some piece of information nonchalantly or even a bit of cash.

4 Tips to Avoid Pretexting

Now that you’re aware of what pretexting is in cybersecurity, we can arm you with some tips to help you stay vigilant and keep safe.

Implementing DMARC

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a widely used protocol for shielding your email infrastructure from unwanted guests. While not a complete solution on its own, DMARC tells receiving mail servers how to treat messages that claim to come from your domain but fail authentication, which protects against emails from untrusted senders spoofing your name.

Once implemented, DMARC collects and monitors information about your sending sources, giving you a complete picture of your email infrastructure via reports. You set the policy that receivers should apply to mail failing authentication for your company’s domain (none, quarantine, or reject). This way, you significantly reduce the chance of an employee, a client, or a partner stumbling upon phishing or spoofed emails carrying your company name.

Email Analysis Using AI

It’s one thing to monitor your own sending sources for outgoing messages. Inbound communication is a bit different. As you might know, spam filters and other algorithm-powered tools already make it easier to sift unwanted email out of your inbox.

Beyond that, machine learning and artificial intelligence have started recognizing pretexting attacks and phishing messages. AI-powered tools analyze the sender domain, user behavior, and other potential anomalies to stop a threat before it reaches your inbox.
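The signals such tools look at (sender domain, reply-to mismatches, and the familiar-opener-then-request pattern from the message examples above) can be checked with plain rules before any machine learning is involved. The following is an added example, not code from the original post or from any product: a small triage function run over three constructed messages. The company domain example.com, the staff directory, and the opener and hook phrases are assumptions chosen for illustration.

```python
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                 # assumed internal domain (constructed)
INTERNAL_STAFF = {"Amy Chen", "Dana Ruiz"}     # assumed directory of display names (constructed)

# Small-talk openers of the kind the post lists, and the "hook" requests that typically follow them.
OPENERS = ("are you available", "great seeing you", "want to help")
HOOKS = ("gift card", "wire", "urgent", "keep this between us", "send me your", "reply with your")

# Constructed sample messages: one legitimate, one impersonating a colleague, one from a lookalike domain.
SAMPLES = [
    {"From": "Amy Chen <amy.chen@example.com>",
     "Subject": "Q3 report", "Body": "Attached is the draft for review."},
    {"From": "Amy Chen <amy.chen.ceo@gmail.com>", "Reply-To": "amy.chen.ceo@gmail.com",
     "Subject": "Hey, are you available?",
     "Body": "It was great seeing you last week! I'm planning a surprise for the team. "
             "Can you pick up gift cards and send me the codes? Keep this between us."},
    {"From": "IT Helpdesk <helpdesk@examp1e.com>", "Reply-To": "support@mail-relay.net",
     "Subject": "Password expiry",
     "Body": "Your password expires today. Urgent: reply with your current password so we can reset it."},
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings, used to spot lookalike domains such as examp1e.com."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower()


def pretext_flags(msg: dict) -> list:
    """Return the red flags found in one message (dict with From, Reply-To, Subject, Body)."""
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    # A known colleague's display name arriving from an outside mailbox is the classic impersonation setup.
    if name in INTERNAL_STAFF and from_dom != COMPANY_DOMAIN:
        flags.append("display name impersonates internal staff from an external domain")
    # A domain within one or two edits of ours is a lookalike, not a typo we should forgive.
    if from_dom != COMPANY_DOMAIN and 0 < levenshtein(from_dom, COMPANY_DOMAIN) <= 2:
        flags.append(f"lookalike sender domain {from_dom}")
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        flags.append("Reply-To domain differs from From domain")
    text = (msg.get("Subject", "") + " " + msg.get("Body", "")).lower()
    # Familiar opener followed by a request: the pretext, then the hook.
    if any(o in text for o in OPENERS) and any(h in text for h in HOOKS):
        flags.append("familiar opener followed by a request")
    return flags


def triage(messages: list) -> list:
    """Pair each message subject with its flags so a reviewer can see what to look at first."""
    return [(m.get("Subject", ""), pretext_flags(m)) for m in messages]


if __name__ == "__main__":
    for subject, flags in triage(SAMPLES):
        print(f"{subject!r}: {flags or 'no flags'}")
```

The legitimate report draws no flags, the colleague impersonation is caught by the display-name check and the opener-plus-hook pattern, and the helpdesk message trips the lookalike-domain and Reply-To checks. Rules like these are brittle on their own, which is exactly the gap the learned models mentioned above are meant to fill, but they are cheap, explainable, and easy to turn into an alert.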

Web Application Firewall (WAF)

Malware and pretext-based phishing aren’t limited to an opened email. There are plenty of ways threats can sink their hooks into an employee’s computer. WAFs help prevent this by scanning and monitoring the HTTP traffic between an application and the internet. When something seems out of place, the WAF filters that traffic out. This way, company systems aren’t “exposed to the elements” while online.

User Training

Technological solutions are crucial. Still, employee training and clear company guidelines make them even more effective.

Teaching your staff how to identify, deal with, and prevent malicious techniques is a necessity. A few phishing attempts will almost always make it through the security protocols. Once they do, it’s up to the employee to spot a suspicious email and know what to do with it.

Final Thoughts

Phishing, account takeover, and other attacks come through a defined channel. Pretexting, on the other hand, can be present in many attack types, including piggybacking, tailgating, baiting, and impersonation. Whatever the vessel, pretexting is the wrapping paper on the “gift.”

Once you learn to identify pretexting attacks, you’ll become better at pinpointing other attack types, too. Implement prevention and security methods like DMARC, email analysis, WAF, and user training to keep your business and data safe.
