• Why IRONSCALES
    OUR VALUE
    • Protect Better
      Protect Better

      Gain protection against advanced email attacks like BEC, ATO, social engineering, and more

    • Simplify Operations
      Simplify Operations

      Turn hours-a-day to minutes-a-month combatting phishing with customizable security automation

    • Empower Your Org
      Empower Your Org

      Triple your org's email security awareness with real-world phishing simulation testing and training

    CUSTOMERS
    • Customers
      Customers

      Check out the benefits provided to our customers and their stories

    • flag
      Case Studies

      Explore inspiring success stories from our 13,000+ global customers

    • star
      Reviews

      Uncover honest reviews with authentic insights from Gartner, G2, Capterra, and more

    NEWS
    • mic
      Press

      Read our latest press releases, news publications, and media highlights

    • award
      Awards

      Explore our awards and industry recognition achievements

    Thumbnail-google-workspace-and-ironscales-a-complete-email-security-solution
    Press: New Research

    New Osterman study reveals orgs with high confidence still lack capabilities against QR code attacks

    header-card-image-3
    Case Study: Webhelp

    Learn how Webhelp saved over 450 SecOp hours and is protecting 36,000 mailboxes

    header-card-image-1
    Awards: INC. 5000

    IRONSCALES earns 'Fastest Growing Email Security Company' for 3rd straight year

  • Platform
    Spring '24 Software Release! Check out our new deep image-based detection, GWS capabilities, and more. Explore the new additions
    CAPABILITIES
    • Inbound Email Protection
      Inbound Email Protection

      Get Adaptive AI email security against advanced attacks missed by other security controls​

    • Account Takeover Protection
      Account Takeover Protection

      Eliminate the risk of ATO with advanced prevention, detection, and response

    • Image-Based Attack Protection
      Image-Based Attack Protection

      Protect your organization from image-based attacks like malicious QR codes

    • SOC Automation
      SOC Automation

      Put SecOps workloads on auto-pilot with automated email remediation and more

    • Phishing Simulation Testing
      Phishing Simulation Testing

      Send your employees customized simulations built from real-world threats

    • Security Awareness Training
      Security Awareness Training

      Build a security-centric culture with automated personalized awareness campaigns

    • Crowdsourced Threat Intelligence
      Crowdsourced Threat Intelligence

      Leverage insights from 20,000+ security analysts in our community for email remediation

    • Collaboration Tool Protection
      Collaboration Tool Protection

      Protect your collaboration tools including Microsoft Teams® from advanced threats

    Take an Interactive Platform Tour
    TECHNOLOGY
    • Adaptive AI Engine
      Adaptive AI Engine

      Learn how we level up our AI with advanced ML models and Human Insights

    • Human Insights
      Human Insights

      See how we uniquely enhance our adaptive AI with real-time Human Insights

    • Generative AI
      Generative AI

      Discover how we use Gen-AI, large language models, and techniques for email security

    • Ecosystem Integrations
      Ecosystem Integrations

      Maximize your existing security tools with our seamlessly integrated platform

    Take an Interactive Platform Tour
  • Solutions
    Introducing Weekly Demos! Join us for a live walkthrough of our platform and see the difference firsthand. Register Now
    USE CASE
    • BEC & Executive Impersonation
      BEC & Executive Impersonation

      Stop advanced attacks like BEC, VEC, and VIP impersonation

    • Advanced Malware/URL Attacks
      Advanced Malware/URL Attacks

      Continuously protect against malicious links and attachments

    • Credential-Theft
      Credential Harvesting

      Block attackers from stealing your sensitive business data

    • Account Takeover Attacks
      Account Takeover Attacks

      Prevent, detect, and respond to ATO attacks in real time

    • QR Code Attacks
      QR Code Attacks

      Decipher image-based attacks from weaponized QR codes

    • Generative AI Attacks
      Generative AI Attacks

      Safeguard your organization against GPT-crafted attacks

    • Phishing Simulation Testing
      Phishing Simulation Testing

      Test your employees with real-world email attacks

    • Security Awareness Training
      Security Awareness Training

      Build a security-first organization with integrated SAT campaigns

    Get A FREE Email Health Scan
  • Learn
    New Report! Osterman Research releases their 2024 findings on Image-based/QR Code Attacks. Read the report
    LEARN
    • Blog
      Blog

      Stay informed with our insights and updates

    • Guides
      Guides

      Explore our multi-chapter email security guides

    • bookmark
      Glossary

      Decode cybersecurity jargon with our glossary​

    • Resource Library
      Resource Library

      Rich content hub including whitepapers, reports, and more

    • Get Started
      Get Started

      Get started today with a 14-day free trial

    • Platform Tour
      Platform Tour

      Navigate our platform directly with an interactive guided tour

    • Engineering Corner
      Engineering Corner

      Explore articles and lessons from our R&D team members​

    CONNECT
    • Events
      Events

      View our upcoming in-person and virtual events

    • LinkedIn_icon-vector
      LinkedIn

      Join the evolving email security discourse with us on LinkedIn

    • Newsletter
      Newsletter

      Join our LinkedIn newsletter for security news and best practices

    See all resources
    FEATURED
    Email Security in the Age of AI
    Email Security in the Age of AI

    Understand the role of AI in fortifying defenses against evolving threats.

    QR Code Phishing
    QR Code Phishing

    QR codes serve as a new bypass method to evade detection.

    The ABCs of MFA
    The ABCs of MFA

    MFA is your digital doorman that keeps the malicious actors at bay.

    Phishing Prevention
    Phishing Prevention

    Dive into our complete 13-chapter guide on phishing prevention best practices

    Spear Phishing Thumbnail
    Spear Phishing

    Understand the inner workings of highly specialized phishing tactics and how to stop them

    Voice Phishing
    Voice Phishing

    See how attackers leverage new methods and channels to defraud businesses

  • Partner
    BY TYPE
    • Resellers
      Resellers

      Elevate your business with exclusive reselling opportunities

    • MSPs / MSSPs
      MSPs / MSSPs

      Unlock powerful email security capabilities for your end clients

    • Technology Partners
      Technology Partners

      View our industry-leading technology partners

    ENGAGE
    • Become Partner
      Become Partner

      Apply to become an IRONSCALES partner today

    • Partner Portal
      Partner Portal

      Check out valuable tools and resources for partners

    Become a Partner

    Partner with IRONSCALES Today
  • Pricing
  • headset_icon user Get a Demo
headset_icon user Get a Demo

What is Pretexting?

Pretexting is a form of social engineering where attackers deceive victims by fabricating scenarios and establishing trust to extract sensitive information, often posing as trusted individuals or organizations. It involves manipulating victims into divulging personal data or performing actions that benefit the attacker's objectives.

Pretexting Explained

Pretexting is a social engineering technique used by threat actors in business email compromise attacks to manipulate individuals into divulging sensitive information. It involves creating a fictional scenario or pretext to deceive victims and gain their trust. By posing as a trusted person or organization, the attacker convinces the victim to provide personal data, such as passwords, financial information, or confidential company data. Pretexting attacks exploit human vulnerability and rely on the victim's willingness to help or comply with requests.

How does Pretexting Work?

Pretexting attacks typically follow a set of steps:

  1. Research: The attacker gathers information about the victim and the target organization, including personal details, job roles, relationships, and company structure. This information is used to craft a convincing pretext.

  2. Establish Trust: The attacker impersonates someone the victim trusts, such as a colleague, authority figure, or service provider. They employ tactics like spoofing phone numbers or email addresses to appear legitimate.

  3. Create a Scenario: The attacker creates a plausible scenario that requires the victim to provide sensitive information or perform actions that benefit the attacker's goals. This scenario often involves urgency, importance, or a promise of reward to increase the victim's willingness to comply.

  4. Engage and Extract Information: Through communication channels like phone calls, emails, or in-person interactions, the attacker engages the victim in conversation, gradually extracting the desired information. This can include passwords, account numbers, social security numbers, or access to physical locations.

  5. Exploit and Maintain Access: Once the attacker obtains the information, they may use it for secondary attacks, identity theft, or gaining unauthorized access to systems. They may also maintain their presence to carry out further malicious activities.

Pretexting Techniques

Pretexting attacks can take various forms. Here are a few examples:

  1. Impersonation: Attackers impersonate trusted individuals or institutions, such as company executives, colleagues, or financial institutions. They manipulate victims into revealing sensitive information or initiating unauthorized transactions.

  2. Tailgating: Threat actors physically follow authorized personnel into secure areas without raising suspicion, taking advantage of their access privileges.

  3. Piggybacking: In this technique, the attacker requests assistance from authorized individuals, claiming to have forgotten access credentials. By exploiting the victim's helpfulness, they gain entry to restricted areas.

  4. Baiting: Attackers leave physical or digital "baits" in public spaces to entice victims into taking certain actions, such as inserting malware-infected USB drives or visiting malicious websites.

  5. Phishing: While distinct from pretexting, phishing often incorporates elements of pretexting. Attackers impersonate trusted entities through emails or text messages, tricking victims into revealing sensitive information or downloading malware.

  6. Vishing and Smishing: Vishing involves using phone calls, while smishing involves text messages to deceive victims into providing sensitive information or granting remote access to their devices.

  7. Scareware: Attackers use scare tactics, such as false malware alerts or system infection warnings, to trick victims into installing malicious software or purchasing fraudulent services.

How to Detect and Prevent Pretexting

Detecting and preventing pretexting attacks requires a combination of vigilance, education, and security measures. Here are some preventive measures:

  1. Employee Awareness: Regularly train employees to recognize and report suspicious communication or requests for sensitive information. Educate them about common pretexting techniques and the importance of verifying identities before sharing data.

  2. Verify Requests: Encourage employees to independently verify requests for sensitive information, especially if they seem unusual, urgent, or come from unexpected sources. Use established communication channels or contact the purported sender through known and verified contact information.

  3. Implement Multifactor Authentication (MFA): MFA adds an extra layer of security by requiring additional verification steps beyond passwords. This reduces the risk of unauthorized access even if credentials are compromised through pretexting attacks.

  4. Security Awareness Training: Conduct regular security awareness training to educate employees about social engineering techniques, including pretexting. Provide real-life examples and simulations to reinforce learning.

  5. Use Email and Web Filtering: Employ email and web filtering solutions that can identify and block suspicious or malicious content, reducing the risk of falling victim to phishing or other pretexting attempts.

  6. Incident Response Planning: Establish an incident response plan to handle potential pretexting attacks effectively. This includes procedures for reporting incidents, analyzing the impact, and implementing appropriate mitigation measures.


How IRONSCALES Protects Against Pretexting

IRONSCALES provides an advanced anti-phishing and email security platform that helps organizations detect and mitigate pretexting attacks. Key features include:

  1. Automated Threat Intelligence: IRONSCALES leverages machine learning and artificial intelligence algorithms to analyze email patterns, identify suspicious senders, and detect potential pretexting attacks.

  2. Real-Time Email Classification: The platform uses advanced algorithms to classify emails into trusted, suspicious, and malicious categories, enabling organizations to prioritize and respond to potential pretexting attempts effectively.

  3. End-user Empowerment: IRONSCALES fosters a collaborative environment, empowering employees to report and share suspicious emails with security teams through a simple one-click reporting button.

  4. Incident Response Automation: The platform streamlines incident response processes by automating analysis, quarantining suspicious emails, and initiating security playbooks for rapid investigation and mitigation.

  5. Security Awareness Training Integration: IRONSCALES integrates with security awareness training platforms, enabling organizations to reinforce employee education and simulate pretexting scenarios to improve resilience against such attacks.

By leveraging these capabilities, IRONSCALES helps organizations detect and respond to pretexting attacks effectively, reducing the risk of data breaches and unauthorized access.

The examples, techniques, and preventive measures provided in this glossary page are for educational purposes only and do not guarantee complete protection against pretexting attacks. Organizations should adopt a comprehensive security approach and regularly update their security practices to mitigate evolving threats.

Learn more about IRONSCALES advanced anti-phishing platform here. Get a demo of IRONSCALES™ today!  https://ironscales.com/get-a-demo/

ai-ironscales
FREE Email Health Scan

Request an AI-powered email scan of your mailboxes and uncover lurking phishing threats.
Get A Scan

Featured Content

Human & Machine

A core tenet at IRONSCALES is that phishing is a human + machine problem that can only be solved with a human + machine solution.

Read More

Vendor Spoofing

A researcher at IRONSCALES recently discovered thousands of business email credentials stored on multiple web servers used by attackers to host spoofed Microsoft Office 365 login pages.

Read More

The Cost of Phishing

Businesses are spending too much time and money on phishing. Discover how much in this survey report. 252 security professionals. 20 industries. 5 key takeaways.

Download Report
Schedule a Demo

Request a demo to see what IRONSCALES AI-powered email security can do for you.
Get a Demo