Security Glossary

What is Pretexting?

Pretexting is when an attacker creates a fabricated scenario — a "pretext" — to trick someone into sharing information or performing an action they normally wouldn't. Think of it as method acting for criminals: they invent a believable character and situation, then play that role convincingly enough to bypass your team's natural skepticism. The quality of the pretext depends entirely on how much real information the attacker can gather beforehand.

How a Pretexting Attack Works

1. Research the scenario ingredients

The attacker gathers real details about the company — vendor names, internal project names, employee roles, office locations — to build a story that holds up under scrutiny.

2. Create a believable identity

They construct a persona: a new IT contractor, a vendor representative, a compliance auditor. They may create fake email addresses, LinkedIn profiles, or even business cards.

3. Engage the target with the story

The attacker contacts the target and presents their fabricated scenario — "I'm from your IT provider and we need to verify your access before the migration this weekend" — peppering it with enough real details to sound credible.

4. Extract the desired information

Once the target is engaged, the attacker guides the conversation toward what they actually want: login credentials, system details, financial information, or physical access.

Real-World Example

An attacker researched a healthcare company's recent IT vendor change (announced in a press release), then called the billing department posing as the new vendor's support team. They claimed they needed to "verify system access" for the transition and convinced three employees to share their login credentials over the phone.

How AiVERSARY Detects Pretexting Risk

AiVersary's OSINT reports show you the building blocks attackers use to construct pretexts: your vendor relationships, technology stack, organizational structure, and internal terminology that are discoverable from public sources. Understanding what's already exposed lets you train your team to recognize when someone is weaponizing that information against them.

Related Terms

Social Engineering

Social engineering is the practice of manipulating people into giving up confidential information or taking actions that compromise security. Instead of breaking through firewalls and encryption, attackers exploit trust, authority, urgency, and helpfulness — basic human instincts that no software patch can fix. It is the foundation of nearly every major breach.

Vishing

Vishing — short for "voice phishing" — is when attackers use phone calls instead of emails to manipulate people into sharing sensitive information or taking harmful actions. Phone calls create a sense of immediacy and personal connection that emails can't match, and they bypass all of your email security filters. With AI voice cloning now widely available, attackers can even impersonate specific people your team knows and trusts.

Spear Phishing

Spear phishing is a targeted email attack where criminals research a specific person and craft a message designed just for them. Unlike mass spam, these emails reference real details about your job, your colleagues, or recent company events to appear legitimate. They are the number one way attackers breach organizations today.

OSINT Reconnaissance

OSINT reconnaissance — Open Source Intelligence gathering — is the first phase of nearly every targeted cyberattack. It's the process of collecting publicly available information about an organization and its people to plan an attack. Everything from your company website and LinkedIn profiles to job postings, DNS records, and conference presentations becomes intelligence. This is exactly the same process AiVersary uses, but we do it first so you can fix what's exposed.