Pretexting is a form of social engineering in which an individual lies to obtain privileged data. A pretext is a false motive.

Pretexting often involves a scam in which the liar pretends to need information in order to confirm the identity of the person he is talking to. After establishing trust with the targeted individual, the pretexter might ask a series of questions designed to gather key individual identifiers, such as the individual's Social Security number, mother's maiden name, place or date of birth, or account number.

Pretexting to gain access to financial data was specifically banned by the Gramm-Leach-Bliley Act (GLB) in 1999. The pretexting restrictions defined by GLB apply to all organizations that handle financial data, including banks, brokerages, credit unions, income tax preparers, debt collection agencies, real estate firms and credit reporting agencies. The Act's restrictions do not apply to information that enters the public domain as a matter of public record, such as details of real estate transactions, property taxes, bankruptcy or police records.

The distinction between legal and illegal behavior is particularly blurred with regard to phone, SMS, email and other telecommunications records, as the laws regulating the privacy of this type of information vary from one state to another in the U.S. and from one country to another worldwide. The Federal Trade Commission (FTC) has attempted to bar pretexting for telephone records under Section 5 of the FTC Act (which bars "unfair or deceptive acts" in business practices) and has filed several lawsuits against online data brokers to that end. The FTC recommends that individuals never give out personal information on the phone or over the Internet unless the individual has initiated the contact.

In a high-profile case, a firm contracted by Hewlett Packard Chair Patricia Dunn used pretexting to access telephone records of HP's board of directors. Dunn engaged the firm to investigate board members after insider information about HP's long-term strategic plans appeared on

This was last updated in May 2011
