Question

During the reconnaissance stage of a penetration test, Fred calls a number of staff at the target organization. Using a script he prepared, Fred introduces himself as part of the support team for their recently installed software and asks for information about the software and its configuration. What is this technique called?

A. Pretexting
B. OSINT C.
A tag-out
D. Profiling

Answer 1

Pretexting is a social engineering technique used during the reconnaissance stage of a penetration test where an attacker, like Fred in the described scenario, fabricates a scenario to obtain sensitive information from target organization staff.

Step-by-step explanation:

During the reconnaissance stage of a penetration test, when Fred calls staff at the target organization and introduces himself as part of the support team for their recently installed software to ask for information, this technique is called pretexting. Pretexting is a form of social engineering where an attacker creates a fabricated scenario (the pretext) to engage a targeted victim in order to obtain information or gain access to systems. In the scenario described, Fred is pretending to be a legitimate member of the support team which is the fabricated story designed to manipulate the staff into disclosing confidential information about the software and its configuration.