A social engineering technique where an attacker creates a fabricated scenario (pretext) to manipulate a victim into providing information, granting access, or performing an action they wouldn't normally do.
A social engineering technique where an attacker creates a fabricated scenario (pretext) to manipulate a victim into providing information, granting access, or performing an action they wouldn't normally do.
Think you've been targeted?
Paste the suspicious content here for an instant analysis.
No signup · 6 detection layers · Results in seconds · Cmd+Enter
Pretexting is storytelling with malicious intent. The attacker crafts a believable scenario — they might pretend to be a coworker from another office, an IT technician performing maintenance, a bank employee verifying an account, or even a law enforcement officer.
What makes pretexting effective is the preparation. Attackers research their targets thoroughly, learning organizational structures, internal terminology, and personal details that make their cover story convincing.
Unlike phishing, which often relies on urgency and mass messaging, pretexting involves sustained deception. The attacker may build a relationship over multiple interactions before making their actual request.
A social engineer called a company's help desk posing as a new employee who had locked themselves out of their account. Using details gathered from LinkedIn and the company website, they convincingly answered security questions and obtained password reset access to a senior manager's account.