Social engineering is a broader term used for manipulating people to divulge personal information usually associated with identity theft. It takes
advantage of peoples vulnerabilities and ignorance. While pharming and card skimming could be considered hacking, phishing and pretexting are more one on one.
PRETEXTING is a technique of calling into a servicepany ( i, e, cable, phone, electric, school, etc... ) in order to have them release personal information about a
selected target. A pretexter will have done some homework first and obtained bits and pieces of a persons identity and then try and fill in the blanks. Once enough
data is collected, they can move up the ranks and get hold of a manager to make changes to there targets account like transfer funds, add authorized users, issue
new cards ...
People first coined the phrase 'pretexting' in 2006 after then CEO of Hewlett Packard hired private investigators to impersonate board members
to the phonepany to obtain phone records because someone was leaking ongoing boardroom disputes to the press. This brought about intervention from the
Federal Trademission. 2 years later in March 2008 they implemented CPNI - "Customer Proprietary Network Information". In the past, last 4 digits of your social
security number, mothers' maiden name, place of birth or even dogs name were sufficient for identification.
Today I work for a nation wide cable / internet
provider and it has become illegal for me to discuss phone records, email addresses, passwords, account balances and the like without an access code or pin#.
Either a random one or one they provide ( not last 4 of the SSN# ). The rules are quite simple and the fines are stiff... As their service provider, at the customers
request, I may send call detail information to the customers address on record. Also, service providers may call the telephone number on record and discuss detail
information. Hence it is also illegal for me to give out the access code or password if a customer initiates the call to me.
Then there is the story of how social
engineers used pretexting to take over and ruin the accounts of Xbox Live rivals. But that's for another time. The best way NOT to fall victim to deceptive tactics is
to stay vigilant, be mindful of who know how much about you, and watch your own back.