IT Pro Impact: Social Pretexting

Jul 17, 2012


It All Started With a Masquerade

Using impersonation as an attack, a method known as social pretexting, is increasingly common and poses a serious risk to end users and businesses alike, from extracting secrets to planting seeds for future data theft. Pretexting isn't limited to teenagers setting up fake profiles to smear people or get secrets from their friends. NATO's supreme commander, James Stavridis, was also a target, and while nothing has been confirmed publicly, it is believed that the exploit resulted in some degree of elicitation of data from his associates.

Neohapsis conducted a field study to demonstrate the potential damage a pretexting attack may have on an enterprise. We decided to build a believable but fake security professional and use that persona to try to get information from people who should know better--other security pros.

In this report, we'll share some tips for conducting a pretexting exercise in your organization and discuss ways to educate employees about the risk. (S5380712)

Research Report