Advanced Security Training (AST) 2025 – 400 Free Practice Questions to Pass the Exam

Pretexting is a common social engineering attack that involves establishing a fabricated scenario or pretext in order to obtain information from an individual. Unlike phishing, which typically uses emails or electronic communications to lure people into providing sensitive information, pretexting specifically involves direct communication. The attacker creates a believable situation that prompts the target to disclose private information, often by impersonating someone they trust or a figure of authority.

In this context, the attacker might pose as a colleague, a technical support agent, or another trusted entity to manipulate the victim into sharing confidential data. This method relies heavily on social skills and the ability to build rapport, making it a particularly effective form of deception.

Other types of social engineering attacks like spear phishing also involve deception but are typically executed through electronic means targeting specific individuals, rather than through direct interaction. Therefore, pretexting stands out as the correct answer due to its emphasis on direct contact to elicit information.