Pretexting is the act of obtaining personal information through deception, which is illegal in most cases. It can be used to gain access to bank accounts or phone records, and is a form of social engineering. Criminals may use a fake survey to gather personal information, then use it to access bank accounts or create new credit card accounts. The Hewlett-Packard CEO was caught using pretexting to obtain phone records of employees.
Pretexting is generally defined as obtaining sensitive or personal information through impersonation or other deception. It is considered an illegal act in most circumstances, but laws against the practice vary from state to state and are not always clearly written. It is illegal under the Gramm-Leach-Bliley Act to use the guise to gain access to bank accounts or other sensitive financial information. It’s not necessarily illegal, however, to use it to obtain phone records or expose an unfaithful spouse. Lying about your identity isn’t always a crime, but financially benefiting from it is actionable.
Many people are familiar with the idea of illegal computer hacking and identity theft, but very few people are familiar with the practice of pretexting. Hacking into computer servers or using sophisticated programs to crack passwords is only one aspect of cyberhacking. Practices like cheating and phishing are examples of social engineering, the human element behind hacking. It works best when the pretext provides a compelling performance, complete with the appropriate technical jargon or other insider information.
A typical pretext incident might involve a criminal trying to access the victim’s personal bank account. The criminal calls the victim home, claiming to conduct an investigation. The questions may seem relatively harmless, but the fake surveyor is really trying to gather personal information, such as a mother’s maiden name, a date of birth, the name of a family pet, or even part of a Social Security number. of the victim. Once the perpetrator has this information, the process continues at the victim’s bank.
The caller uses the victim’s name to identify himself to the bank representative. A pretexter might create a story about losing a checkbook or forgetting his new password. The bank may have tight security measures in place, but the criminal’s pretext can provide many of the answers he seeks. Once the criminal has full access to the victim’s banking information, he can cancel the account in minutes. Another criminal can use your personal information to create a new credit card account or take over an existing one.
In 2006, the chief executive officer (CEO) of computer giant Hewlett-Packard got caught up in a bootlegging scheme and eventually resigned. In an effort to uncover the source of the internal information leaks, the former CEO hired an outside investigator. Several Hewlett-Packard executives discovered that their personal and professional phone records had been collected without their permission. Following an investigation, it was determined that outside investigators had used the pretext to obtain those phone records. The phone company representatives believed they were communicating with real Hewlett-Packard employees.
Protect your devices with Threat Protection by NordVPN