Social Engineering and Pretexting

Social engineering is a broad term for manipulating people into divulging personal information, and it is usually associated with identity theft. It takes advantage of people's vulnerabilities and ignorance. While pharming and card skimming could be considered hacking, phishing and pretexting are more one-on-one. Pretexting is a technique of calling into a service company (e.g., cable, phone, electric, school, etc.) in order to have them release personal information about a selected target. A pretexter will have done some homework first and obtained bits and pieces of a person's identity, and will then try to fill in the blanks. Once enough data is collected, they can move up the ranks and get hold of a manager to make changes to their target's account, such as transferring funds, adding authorized users, or issuing new cards.

People first coined the phrase ‘pretexting’ in 2006, after the then-CEO of Hewlett Packard hired private investigators to impersonate board members to the phone company and obtain phone records, because someone was leaking ongoing boardroom disputes to the press. This brought about intervention from the Federal Trade Commission. Two years later, in March 2008, they implemented CPNI – “Customer Proprietary Network Information”. In the past, the last 4 digits of your Social Security number, your mother's maiden name, your place of birth, or even your dog's name were sufficient for identification.

Today I work for a nationwide cable / internet provider, and it has become illegal for me to discuss phone records, email addresses, passwords, account balances and the like without an access code or PIN, either a random one or one they provide (not the last 4 of the SSN). The rules are quite simple and the fines are stiff… As their service provider, at the customer's request, I may send call detail information to the customer's address on record. Also, service providers may call the telephone number on record and discuss detail information. Hence it is also illegal for me to give out the access code or password if a customer initiates the call to me.

Then there is the story of how social engineers used pretexting to take over and ruin the accounts of Xbox Live rivals. But that’s for another time. The best way NOT to fall victim to deceptive tactics is to stay vigilant, be mindful of who knows how much about you, and watch your own back.

