Great summary from Kim Cameron of the NPR show on pretexting and privacy issues brought forth by the HP spying scandal (originally from Craig Burton)… Pretexting is a problem that will be there as long as there is profit to be made by pretending to be somebody else. In real-world communities, short of DNA profiling or a chip planted into each human being, there is not much that can be done to eliminate it. And even then, enterprising social engineers/pretexters will find a way to pretend to be somebody else.
As with all new technologies that facilitate communication, there is a price to be paid in terms of an increase in pretexting. The advent of phones brought in a wave of new pretexting scams (Kevin Mitnick does a good job of documenting them in “The Art of Deception”) and the same is now true of the Internet. So what is the solution? How do online communities handle rampant pretexting?
I do not believe there are any silver bullets to deal with this issue. Technologies like info-cards help in providing ease of use for managing identities (it's a big problem) along with some good encryption mechanisms to make it harder for pretexters to steal identities. But anytime there is a fixed set of credentials (like name, SSN, credit card, etc.) that are used to establish identity, pretexters will be able to deploy clever techniques (albeit with a bit more difficulty) to collect these credentials. Another approach is to rely on a more decentralized identity mechanism shared in a tight-knit community. Establishing identity in such communities will not only require a user to have the right credentials but also to have an understanding of all the old interactions, including the shared context with the community members. This will not stop pretexters but will make their job a whole lot harder.
4 thoughts on “Pretexting and social engineering”
Nice piece. Please note that I was just quoting the great Craig Burton.
Thanks Kim for pointing it out…I have corrected the original post.
The only way to combat pretexting and social engineering is through extreme diligence on the part of the consumer; they are the first and last line of defense against these attacks. I think a Dummies Guide is in order here!
I really appreciate your blog on pretexting. I am in college and we have to write about and research social engineering. Your definition of pretexting made a heck of a lot more sense to me than the professor's. I am in total agreement with Steve that we do need a Dummies Guide. If people knew how vulnerable they were, they could protect themselves. Once again, kudos on this.