What exactly is pretexting?Pretexting is the act of falsifying identity or lying to persuade a target to release information or perform an action. Pretexting is most commonly done over the telephone.
Pretexting is more than a simple lie as it often involves prior research and set up, using pieces of known information (e.g. date of birth, last bill amount) to establish legitimacy in the mind of the target (e.g. a credit card company representative).
The pretext is usually an invented scenario constructed by the assailant. The assailant may call the actual owner of the information saying they are the representative from the credit card company confirming some identifying or personal information.
For example, the "representative" may be confirming a knowingly false change in address, when the customer corrects them by giving them their correct address. Then, the "rep" asks the customer to confirm their identity by revealing the last four digits of their social security number, date of birth, and/or mother's maiden name.
The complimentary part of this pretext is then for the assailant to call the credit card company claiming to be the customer. With this personal information, they may access or enable other account features and even get another credit card issued.
Pretexting is a type of social engineering. Social engineering is any collection of techniques used to manipulate people into performing actions or divulging confidential information. Phishing is another type of social engineering. The term typically applies to trickery for information gathering or computer system access. In most cases the perpetrator never comes face-to-face with the victim.
Third parties - whether your family members, friends, or prospective thieves - aren't supposed to have access to your personal information. The only real exception to access of your personal devices is an employer who issued you a company phone or any device; they have the right to ensure you are not abusing company resources.
Reverse Phone Detective does NOT condone pretexting for personal information, telephone numbers, and/or phone records in any way. Our records in no way, shape, or form come from pretexting. Companies and persons that use pretexting should be prosecuted to the full extent of the law.
Know the law:Under the Gramm-Leach-Bliley Act (or Financial Services Modernization Act), it is illegal for anyone to:
* Use fictitious, false, or fraudulent statements or documents to get customer information from a financial institution or directly from a customer of a financial institution.
* Use forged, counterfeit, lost, or stolen documents to get customer information from a financial institution or directly from a customer of a financial institution.
* Ask another person to get someone else's customer information using false, fictitious or fraudulent statements or using false, fictitious or fraudulent documents or forged, counterfeit, lost, or stolen documents.
Scandal alert!In a recent public relations nightmare, Hewlett-Packard's Chairwoman Patricia Dunn, Ethics Officer Kevin Hunsaker, and several private investigators were implicated and accused of using pretexting to get private phone records of board members, journalists, and HP employees in an attempt to identify who was leaking restricted company information to the media.
Hired private investigators also put spyware on at least one reporter's computer. Charges have been dropped, but not before the State of California reached a $14.5 million dollar settlement with HP to fund investigations into pretexting and similar types of privacy rights investigations.
(You can read more about this story here.)
Private investigation companies:Until recently, many private investigation companies were supplying call and text records on virtually anyone!
For less than a hundred dollars, these companies would use pretexting and other illegal tactics to gain these records. Tactics included calling the phone companies impersonating the actual phone customer and requesting physical phone records (under the pretext they had changed addresses).
The issue gained national attention when a Washington D.C. blogger bought former Supreme Allied Commander of NATO, former presidential candidate General Welsey Clark's phone records from www.celltolls.com for $89.95 USD. The only information required was "General Clark's cell phone number and our credit card."
In 2005, the Electronic Privacy Information Center (EPIC) counted 40 companies that were illegally selling phone records.
Some companies are even still advertising call and text records online even though it is illegal! They are breaking the law by doing it. For more information, check out the Federal Trade Commission's page on pretexting.