pretexting
SearchCIO.com Definitions (Powered by WhatIs.com)


DEFINITION - Pretexting is a form of social engineering in which an individual lies about his identity or purpose to obtain privileged data about another individual. A pretexter may then use this data to engage in identity theft or corporate espionage.

Pretexting may be employed by telephone or email, through customer service instant messaging or a company Web site. A pretexter may use a variety of strategies to obtain personal information. In one scenario, for example, the pretexter might call an individual claiming affiliation with a bank, survey firm or credit agency. In another scenario, a pretexter might claim to be a customer, client or employee of a company to gain access to phone or electronic records.

After establishing trust with the targeted individual, the pretexter might ask a series of questions designed to gather key individual identifiers (like social security numbers, mother's maiden name, place or date of birth, or account numbers) under the guise of needing to confirm the individual's identity or account. A pretexter could also use forged or stolen identification documents to extract customer information directly from a targeted institution.

Pretexting to gain access to financial data was specifically banned by the Gramm-Leach-Bliley Act in 1999. However, private investigators, hackers and data brokers continue to use pretexting to gain access to other types of information. The pretexting restrictions defined by GLB apply to all organizations that handle financial data, including banks, brokerages, credit unions, income tax preparers, debt collection agencies, real estate firms and credit reporting agencies. The Act's restrictions do not apply to information that enters the public domain as a matter of public record, such as details of real estate transactions, property taxes, bankruptcy or police records.

The distinction between legal and illegal behavior is particularly blurred with regard to phone, SMS, email and other telecommunications records, because the laws regulating the privacy of this type of information vary from one state to another in the U.S. and from one country to another worldwide. The Federal Trade Commission (FTC) has attempted to bar pretexting for telephone records under Section 5 of the FTC Act (which bars "unfair or deceptive acts" in business practices) and has filed several lawsuits against online data brokers to that end. As of September 2006, there was legislation before both the U.S. House of Representatives and Senate that would make pretexting for telephone records a criminal offense.

In a recent high-profile case, a firm contracted by Hewlett Packard Chair Patricia Dunn used pretexting to access telephone records of HP's board of directors. Dunn engaged the firm to investigate board members after insider information about HP's long-term strategic plans appeared on News.com. In California, where the incident occurred, HP's actions may be illegal under civil statutes regulating identity theft and the use of computer systems to illegally gather information.

LAST UPDATED: 12 Sep 2006



All Rights Reserved, Copyright 2007 - 2008, TechTarget