woman receiving pretexting message from scammer

What is Pretexting? How Scammers Use Social Engineering to Trick Their Victims

By Cyrus Grant

Stories can be a compelling way to reach and connect with people. Unfortunately, scammers have weaponized that fact to increase their success rate with the use of a technique known as pretexting. Pretexting is a type of social engineering used to help set the stage for a scam through the use of fabricated stories. Here’s everything you need to know.

What is Social Engineering?

Before getting specifically into what pretexting is, it’s important to understand the broader concept of social engineering. Social engineering is a term used for a range of malicious activities that bank on exploiting human interactions and behaviors. It’s a psychological tactic used to build trust, manipulate, or trick victims into handing over money or valuable private information.

Social engineering is particularly dangerous because it targets human error and emotion instead of complex security systems. Rather than needing incredible technical skills to accomplish something like hacking into your bank account, scammers can just trick you into giving them everything they need.

What is Pretexting?

Pretexting is the use of a made-up story to gain a victim’s trust and/or manipulate them. The stories can vary from emotional pleas to false identity claims meant to trick victims. Some pretexting aims to pull at heartstrings or create a sense of urgency that preys on people’s kindness. Others are used to simply trick people into thinking they are dealing with a government official, authorized support agent, or some other trusted source.

Ultimately, pretexting is the use of stories and lies to manipulate victims into giving up private information.

What’s the Goal of Pretexting?

The ultimate goal of this type of manipulation is obviously to scam victims. However, the specific goal of pretexting is to build trust or an emotional connection. If someone comes up to you and simply asks for a few dollars, it’s easier to say “no” than if they come up to you explaining how they “need some money because their car ran out of gas on their way to pick up their three-year-old from daycare and they forgot their wallet.” That backstory about the kid and wallet is the pretext, and it’s setting the scene to make you feel bad for turning them down, thus making you more inclined to fall for their story.

While the classic gas station grift is a simple example, in modern times the stories and goals are more nefarious than getting some spare change. Modern scammers use pretexting in order to gain access to sensitive private information and data that they can use to turn into a much bigger profit than a little gas money.

man receiving suspicious email with pretexting messages from scammer

How Pretexting Works

The most current iteration of pretexting works in two general steps. 

  1. 1.
    Establishing authority: Scammers start out by contacting their target pretending to be a reputable person attempting to either assist with or alert you to some (nonexistent) problem. This could be them claiming to be an IRS agent because of a tax issue, a bank representative due to scam activity, law enforcement reaching out about a warrant, or tech support letting you know you’ve been compromised. All of these are, of course, fake, but they create a sense of urgency that might lead you to let your guard down and trust that they are who they claim to be.
  2. 2.
    Assisting with the problem: Once they’ve made contact and given you their false claim to authority, they’ll continue by walking you through some supposedly serious problem that only they can help you resolve. A common example could be someone contacting you, claiming to be from XYZ Bank to alert you to fraudulent withdrawals/charges. After confirming the supposed actions weren’t done by you, they’ll offer to help you secure your account. At that point, the victim will unknowingly divulge sensitive information, such as their bank account numbers, usernames, and passwords.

While it’s easy to read this and think, “why would you ever tell someone your bank information?” It’s all about the pretext. These scammers have often done a base level of homework on their targets, including using information they might have already stolen or purchased on the dark web. That means when they call you, they’ll have just enough information to make you believe they are legitimate. Add in a convincing story about a $500 charge, outstanding arrest warrant, or unpaid taxes, and panic can lead even the most cautious person to fall victim.

Types of Pretexting 

Understanding pretexting is important because it’s part of many modern scams, often as a core part of the following scams:

  • Impersonation: This is the most straightforward scam that involves pretexting. It’s someone impersonating a trusted source in order to get you to directly share private information.
  • Phishing: While pretexting started out as elaborate stories, scammers realized that simple implications could work as part of a bigger strategy. With phishing being one of the most common scams out there, scammers use a bit of pretext to get victims to click on malicious links. While phishing links don’t come with elaborate stories, they will make the same types of surface claims, such as your bank contacting you due to fraudulent activity, prompting you to click on an attached link to resolve the issue.
  • Vishing: Voice-based phishing, or vishing, can take different approaches, but the most common is to target older individuals, often pretending to be some authority calling on behalf of a grandchild in need of help. Most commonly, they will call the elderly and alert them that their grandchild has been arrested, and needs X amount of money to be released.

The reality is that most scams involve some type of story, meaning most scams involve a level of pretexting. So long as you remember to stay calm and think to verify what you’re hearing, you’ll be able to recognize and shut down most pretext-based scam attempts.

woman teaching grandmother how to identify pretexting attempts from scammers

Common Pretexting Examples

Whether it’s on the phone, in an email, in a text, or even in your mailbox, scams will often contain certain popular themes when it comes to pretexting. The most common include:

  • IRS alerts
  • Bank alerts
  • Job offers
  • Law enforcement alerting you to legal trouble involving you or a loved one
  • Someone new in town looking for a romantic or platonic relationship
  • Tech support alerting you to a compromised device
  • Scare tactics or blackmail, such as them having incriminating or embarrassing pictures or videos of you

The number of pretexting stories is likely too high to count, and scammers are always coming up with new ways to get what they want. That said, if something seems too good to be true, or feels even a little sketchy, it’s best not to provide any sensitive information. Should you receive an alert as to any of the topics mentioned above, your safest bet is to look up official contact information for the relevant party, and contact them directly yourself.

How to Stay Safe From Pretexting Attacks

As you’ve gathered, pretexting is basically just malicious storytelling in order to help scammers get what they want. That means that being alert is the first step to achieving a level of protection. If you’re reading this, congrats, step one accomplished. Outside of simply being in the know, the best ways to stay safe from pretexting are fairly simple:

  1. 1.
    Never ever click on a link from an unknown or unverified source (and make sure to look closely at who sent it, as scammers will try to trick you).
  2. 2.
    When in doubt, contact the relevant authority/party directly.

Another way to confirm someone is who they say they are is by doing a simple people search through a trusted site like PeopleWin. By looking up the contact number, name, or other information you are presented with, you can quickly find out if a story lines up with the truth. So, no matter how compelling a story sounds, always be cautious as to what you believe, and always verify who you’re talking to before sharing any information. 

Cyrus Grant is a writer from Southern California with a background in law and dispute resolution. When he isn’t writing he can be found deep-diving into the latest technology trends or simply spending time at the beach.