Thursday, January 26, 2023
  • Black Duck’s New Year’s Resolution
  • USENIX Security ’22 – Marina Sanusi Bohuk, Mazharul Islam, Suleman Ahmad, Michael Swift, Thomas Ristenpart, Rahul Chatterjee – ‘Gossamer: Securely Measuring Password-based Logins’
  • Driving To Gapless Visibility – Why Real-Time Network Visibility From Data Center To Cloud Is Essential
  • Complete Compliance: Actionable Evidence Versus Simple Integrations
  • Employee Security – 7 Best Practices to Consider

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv Video Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network Social Engineering 

Home » Cybersecurity » Social Engineering » The Power in a Good Pretext

SBN

The Power in a Good Pretext

by Social-Engineer on July 19, 2021

You’ve been hired to access the data center of a highly secure facility. You spend hours researching the facilities security, combing their website, and searching through employees’ social media accounts. After some digging, you find that this company works with a specific corporate cleaning vendor on a regular basis. You decide to impersonate an employee of this vendor to get in the door. All your planning has come together to create your pretext for the engagement. You know from experience the power of a good pretext.

Chris Hadnagy defines pretexting as “the art of creating a context or occasion for a conversation so that you’re more likely to achieve your goals.” When creating a pretext, you are “assigning yourself a role to play.” You are also “presenting a rational justification, explanation, or ‘excuse’ for pursuing a social encounter of some kind.”

TechStrong Con 2023Sponsorships Available

Pretexting as a Social Engineer

If you had heard of pretexting before clicking on this blog, you may align it with social engineering, or with use in a professional setting. Pretexting is one of the many tools in a social engineering tool belt. When utilized properly, it lends credibility to your engagement and helps you reach your goal. Pretexting’s usefulness, however, does not stop at the professional level.

Pretexting in Everyday Life

“Pretexting in everyday life entails selectively presenting parts of the truth in order to create an advantageous context for a conversation, so that you can quickly build rapport” (Hadnagy, Christopher. Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You, Harper Collins 2021).

Subconsciously, many of us use pretexting in day-to-day life. We might briefly consider what approach to a conversation will give us the outcome we want. For example, when preparing for a job interview, we likely plan our outfit, and have some general ideas of responses we would like to make during the interview. We try and play the part of the perfect potential employee. We push traits or skills to the forefront that we see as positive for the job, whether that be cheerfulness, wittiness, organizational skills, or showcasing our hard work ethic. Putting specific traits on show may or may not produce the outcome we desire, but it will likely get us closer to it.

What if we apply this method to other occasions and conversations throughout our lives purposefully, rather than just subconsciously? Chris Hadnagy explores this in his book Human Hacking: Win Friends, Influence People, and Leave Them Better Off for Having Met You. For an in-depth dive into this topic, as well as practical examples and exercises you can try yourself, we highly recommend this book. For the purpose of this blog, let’s focus on some starting points.

Root Everything in Truth

Choosing to present parts of yourself in order to create an advantageous situation works best if it is indeed a part of yourself. In the professional realm, lying may be permitted per your contract. For example, impersonating a corporate cleaning vendor is likely not rooted in truth. But creating a pretext like this one for use in day-to-day life is neither honest nor, likely, advantageous. When pretexting for the day-to-day, aim to highlight parts of yourself rather than invent them.

As an example, let’s say you have a goal of getting your doctor’s billing office to explain some charges that were not disclosed to you prior to your visit, and to lower the cost. While you might be frustrated at the lack of assistance and explanations from the office, playing the angry, fed up patient may not get you very far. On the other hand, playing the confused and tired, but kind, patient will probably get you closer to reaching your goal. You may be angry, frustrated, confused, tired, and a kind person. Choosing to present select emotions is still rooted in the truth of who you are and how you feel, while leveraging the conversation to your advantage.

Outline Your Conversation

All of us have likely imagined how approaching an important conversation would go. For some of us, this process might involve picturing the worst and most unlikely outcomes. Imagine if, instead, we focused on what was most likely to happen. Thinking through a conversation and the important points you want to bring out, as well as topics you may want to avoid, can help your important conversations go more smoothly. This is true whether you are preparing for an interview or sitting down to talk about an emotional topic with your significant other, friend, or family member.

Don’t overthink it! Try to avoid preparing a response for every possible question or pre-planning your answers. Aim to be in the moment. Think of your preparation as more of an outline, like your interviewing tactics. Reminding yourself which emotions you want to present can help you stay on target.

Consider the Other Persons Emotions

In each situation we’ve discussed (getting into the data center, interviewing for a job, and having an important discussion) the outcome depends on one major thing; how the other person involved feels about you and your requests. What this means for you, is that focusing on the other person and their feelings is going to be in your best interest.

As you develop your pretext and decide on what facets of yourself to present, keep the other person in the forefront of your mind. Take time to consider what you know about them and what feelings you are seeking to invoke. Although this will vary depending on your relation to the person, focusing on how your actions affect others will never be a bad thing.

Build a Pretext

Over the next couple of weeks, we challenge you to consciously create simple pretexts for day-to-day situations. Actively think about how you can reach your goals while remaining honest and focused on others. Connect with us on Twitter to let us know how it went!

Sources
https://www.social-engineer.com/services/social-engineering-teaming-service/
https://www.social-engineer.com/social-engineer-team/christopher-hadnagy/
https://www.social-engineer.org/about/
https://www.amazon.com/Human-Hacking-Friends-Influence-People/dp/0063001780

Images
https://efsclean.com/wp-content/uploads/2019/09/corporate-cleaning-efs-clean-calgary.jpg
https://blog.cordiaresources.com/hs-fs/hubfs/AdobeStock_132775108.jpeg?width=680&name=AdobeStock_132775108.jpeg

*** This is a Security Bloggers Network syndicated blog from Security Through Education authored by Social-Engineer. Read the original post at: https://www.social-engineer.org/general-blog/the-power-in-a-good-pretext/

July 19, 2021July 19, 2021 Social-Engineer General Social Engineer Blog, pretext, social engineering
  • ← A One-Two Punch to Stop Misuse of Privileged Accounts: Identity Analytics Combined with UEBA
  • Richtlinienkonforme Authentifizierung durch Verhaltensbiometrie →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

Orgs Must Prepare for SEC Cybersecurity Requirements Aimed at Boards
US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Russia-Linked Attackers Target US Nuclear Research Facilities
Top 6 Email Security Technologies for the Enterprise
What is PSaaS and is it Worthwhile?
Massive Tech Layoffs Continue to Increase Insider Risks for Enterprises
What Are Open Source Kubernetes Policy Engines? Why You Need One & How to Pick
Why do Hackers Steal? 5 Motives Behind Data Breaches | Eureka Security
Identity Verification for Neo Banking: Ensuring Security and Compliance
Multi-factor Authentication

Upcoming Webinars

Thu 26

Digital Transformation

December 12, 2022 @ 1:00 pm - January 27, 2023 @ 2:00 pm
Tue 31

Moving Beyond SBOMs to Secure the Software Supply Chain

January 31 @ 11:00 am - 12:00 pm
Tue 31

Live-Hacking Container Workloads on AWS

January 31 @ 1:00 pm - 2:00 pm
Feb 01

Achieving DevSecOps: Reducing AppSec Noise at Scale

February 1 @ 1:00 pm - 2:00 pm
Feb 15

Understanding Cyber Insurance Identity Security Requirements for 2023

February 15 @ 11:00 am - 12:00 pm
Feb 15

Where Will DevSecOps ‘Shift’ Next?

February 15 @ 1:00 pm - 2:00 pm
Feb 21

Headwinds, Crosswinds and Tailwinds: Securing the Cloud in Turbulent Times

February 21 @ 1:00 pm - 2:00 pm
Feb 22

Best Practices to Secure Your Software Supply Chain

February 22 @ 1:00 pm - 2:00 pm
Feb 28

SaaS-Based Container Networking and Security on Amazon EKS

February 28 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

US No-Fly List Leaked via Airline Dev Server by @_nyancrimew

January 23, 2023 Richi Jennings | 3 days ago 0
T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks
Analytics & Intelligence API Security Careers Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Incident Response Industry Spotlight Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

T-Mobile’s SIXTH Breach in 5 years: 37M Users’ PII Leaks

January 20, 2023 Richi Jennings | Jan 20 0
APIs in Vehicle Software Vulnerable to Attacks
API Security Application Security Cybersecurity Data Security Featured Industry Spotlight Malware Security Boulevard (Original) Threat Intelligence Vulnerabilities 

APIs in Vehicle Software Vulnerable to Attacks

January 18, 2023 Sue Poremba | Jan 18 0

Top Stories

Skyhawk Security Adds Runtime Protection to Cloud Security Portfolio
Cloud Security Cybersecurity Featured News Security Boulevard (Original) Spotlight 

Skyhawk Security Adds Runtime Protection to Cloud Security Portfolio

January 25, 2023 Michael Vizard | 1 day ago 0
PayPal Credential Stuffing Attacks Renew Calls for MFA
Application Security Cybersecurity Data Security Featured Governance, Risk & Compliance Identity & Access Incident Response News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

PayPal Credential Stuffing Attacks Renew Calls for MFA

January 25, 2023 Teri Robinson | 1 day ago 0
Orgs Must Prepare for SEC Cybersecurity Requirements Aimed at Boards
Cybersecurity Data Security Endpoint Featured Governance, Risk & Compliance Network Security News Security Boulevard (Original) Spotlight Threat Intelligence 

Orgs Must Prepare for SEC Cybersecurity Requirements Aimed at Boards

January 23, 2023 Teri Robinson | 3 days ago 0

Security Humor

Randall Munroe’s XKCD ‘Planet Killer Comet Margarita’

Randall Munroe’s XKCD ‘Planet Killer Comet Margarita’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.