What is Pretexting?

Michael Pollick
Michael Pollick

Pretexting is generally defined as obtaining sensitive or personal information through impersonation or other deception. It is considered an illegal act under most circumstances, but the laws against the practice vary from state to state and aren't always clearly written. It is illegal, under the Gramm-Leach-Bliley Act, to use pretexting in order to gain access to bank accounts or other sensitive financial information. It is not necessarily illegal, however, to use it in order to obtain phone records or expose an unfaithful spouse. Lying about your identity is not always a crime, but benefiting financially from it is actionable.

Pretexting in order to gain access to bank accounts is illegal.
Pretexting in order to gain access to bank accounts is illegal.

Many people are familiar with the idea of illegal computer hacking and identity theft, but very few people are familiar with the practice of pretexting. Hacking into computer servers or using sophisticated programs to uncover passwords is only one aspect of cyberhacking. Practices such as pretexting and phishing are examples of social engineering, the human element behind hacking. This works best when the pretexter gives a convincing performance, complete with the proper technical jargon or other insider information.

Pretexting in order to expose an unfaithful spouse is not necessarily illegal.
Pretexting in order to expose an unfaithful spouse is not necessarily illegal.

A typical pretexting incident might involve a criminal trying to access a victim's personal bank account. The criminal calls the victim at home, claiming to be conducting a survey. The questions may sound relatively harmless, but the fake surveyor is really trying to glean personal information, such as a mother's maiden name, a birthdate, a family pet's name or even a portion of the victim's Social Security number. Once the perpetrator has this information, the process continues at the victim's bank.

The caller uses the victim's name when identifying himself to the bank's representative. A pretexter might create a story about losing a checkbook or forgetting her new password. The bank may have strict security measures in place, but the criminal's pretexting can provide many of the answers they seek. Once the criminal has full access to the victim's banking information, he can clear out the account in minutes. Another criminal may use personal information to create a new credit card account or take over an existing one.

In 2006, the chief executive officer (CEO) of the computer giant Hewlett-Packard became embroiled in a pretexting scheme and eventually resigned. In an effort to discover the source of internal information leaks, the former CEO hired an outside investigator. Several Hewlett-Packard executives discovered that their personal and professional phone records had been collected without their permission. Following an investigation, it was determined that the outside investigators had used pretexting in order to obtain those phone records. The phone company's representatives believed they were communicating with the real Hewlett-Packard employees.

Michael Pollick
Michael Pollick

A regular wiseGEEK contributor, Michael enjoys doing research in order to satisfy his wide-ranging curiosity about a variety of arcane topics. Before becoming a professional writer, Michael worked as an English tutor, poet, voice-over artist, and DJ.

You might also Like

Readers Also Love

Discussion Comments

If you do believe you may have dealings with a company or agency that is contacting you, do not reply to their emails or respond to their phone calls.

Instead, look up the official contact information for that organization and call them yourself to find out whether they put out the call or email in question.

Nearly 100 percent of the time, the answer will be no, and you will have alerted them to the scam, possibly protecting others.

You are right, Certlerant. In this day and age where most everyone has two or three email accounts, one good rule of thumb is to ask yourself if you have ever given your email address to the supposed organization in question.

In that same vein, be mindful of what you know about your financial situation and history and what companies with which you actually do business.

If you have no Mastercard accounts, for example, there is no reason a specific Mastercard carrier would need you to contact them about a payment.

The best way to avoid falling victim to a pretexting scam is to never give your social security number, bank account number or any other personal or financial information in response to an unsolicited email or telephone call.

Unfortunately, those who run these scams have developed ways to give details on emails or phone calls that make a person believe the caller must know them or be associated with their bank or other familiar business.

Keep in mind, essentially all organizations that would need your personal information would not contact you via email to do business.

Post your comments
Forgot password?