Attacks & Threats
Pretexting
Also known as: Impersonation scam
Definition
A social-engineering technique in which an attacker invents a believable scenario or identity to manipulate a target into disclosing information or performing an action.
Examples
- A caller claiming to be from "IT support" asks an employee for their MFA code to "verify" a security alert.
- An attacker pretending to be a vendor requests updated payment details from accounts payable.
Related terms
Social Engineering
The psychological manipulation of people into performing actions or disclosing confidential information that benefits an attacker.
Phishing
A social-engineering attack in which an attacker impersonates a trusted party to trick a victim into revealing credentials, transferring money, or running malware.
Vishing
Phishing conducted over voice channels — phone calls or VoIP — to manipulate victims into revealing credentials, payments, or remote access.
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.
CEO Fraud
A subtype of business email compromise in which an attacker impersonates a senior executive to pressure an employee into performing an unauthorised wire transfer or sensitive action.
Quid Pro Quo Attack
A social-engineering attack in which the attacker offers a service or benefit in exchange for information or access from the victim.