Pretexting: The Latest Threat to Email Security
Monday, June 12th, 2023Verizon recently released its 2023 Data Breach Investigations Report- a comprehensive review of breaches and security incidents occurring over the last year. One surprising finding was a sharp rise in pretexting attacks. To properly respond to these threats, security professionals must understand the risks and prepare for exploitation attempts.
What is a Pretexting Attack?
A pretexting attack is a type of social engineering scam where the attacker tries to convince the victim to give up valuable information or access to a service or system by creating a story or pretext.
These types of scams are a form of phishing. However, pretexting requires more effort than regular phishing attacks that aim to reach as many potential victims as possible and fool one of them into clicking on a malicious link.
To successfully execute a pretexting scam, attackers spend time learning about the target and use the information to manipulate human behavior to achieve a desired outcome. The threat actor may spend more time performing reconnaissance and engaging with the victim. This time investment means that pretexting is often used in attacks with a higher anticipated payout.
In the 2023 Data Breach Investigations Report, analysts found that 50% of all social engineering attacks are pretexting incidents. This represented a 2x increase from the 2022 report. With these types of attacks on the rise, organizations must understand the threat and how to protect themselves from these breaches.
What’s an Example of a Pretexting Attack?
In a business context, pretexting falls under the category of business email compromise scams. Every pretexting scam includes two main elements- a plausible situation and a character. First, by creating the right situation to present to the victim, it is possible to fool the target into believing it is legitimate. Secondly, selecting the right person or organization to impersonate is equally essential.
If the attacker fails to pick a plausible scenario or chooses the wrong entity to impersonate, it drastically reduces the likelihood of success. That’s why these schemes require surveillance and research to achieve their aims.
Some common pretexts or scenarios that you should watch out for include the following:
- A CEO or manager asking for an urgent transfer of funds to an unusual account
- A vendor or supplier asking for payment of an unpaid invoice
- A coworker asking for a password to an account they should already have access to
If the attacker has adequately researched the target, they can be quite convincing in impersonating a legitimate source and convincing them to hand over valuable information or assets.
How to Protect Against Pretexting Attacks
Instilling a healthy dose of skepticism in employees is always recommended. Proper training and reminders can help employees remain suspicious of requests for information and funds they do not expect. In addition, implementing the right policies and technologies can help reduce the risk of falling for a pretexting scam. Some additional steps to take to secure your email accounts include:
- Deploying SPF, DKIM, and DMARC to prevent spoofing.
- Using email filtering tools to flag suspicious email activity.
- Installing anti-malware software on all devices can help mitigate the effects if a malicious link is clicked.
- Deploying multi-factor authentication to guard against the risk of password theft and stolen credentials.
- Updating business processes to ensure financial payments are appropriately vetted and signed off on.
Do you need help securing your email accounts? Contact LuxSci today to learn how we can help your business avoid falling victim to pretexting scams.
