
Pretexting: the operator side of social engineering

Social engineering is manipulation and it lands on real people. On an authorized Red Team engagement the goal is to test processes, never to humiliate the individual who picked up the phone. Carry the engagement letter (the “get out of jail free” letter), debrief in terms of policy gaps rather than personal failings, and stay inside the rules of engagement the client signed. Outside those constraints, most of what follows is a crime; in the US, typically a federal one.

Technical controls behave predictably under pressure. A misconfigured ACL on a Friday afternoon looks the same as one on a Tuesday morning, and the EDR doesn’t care which day of the week the alert fires. The human side of a target is the opposite. People want to be helpful, they get rushed before lunch and distracted by 4:55 PM, and they trust the voice on the phone because in their experience the voice on the phone has almost always been who it said it was. Pretexting is the discipline of constructing a fabricated scenario that gets a target to release information or perform an action they otherwise wouldn’t, by leaning into that disposition.

Pretexting is the load-bearing technique behind vishing (voice phishing), physical entry attempts, and most modern helpdesk attacks. The September 2023 Scattered Spider operations against MGM Resorts and Caesars Entertainment (Caesars eventually paid roughly $15 million to settle) ran on it. The attack chain started with an employee identified via LinkedIn, a phone call to the IT helpdesk, and about ten minutes of conversation. There was no exploit, no zero-day, no malware delivery vector to detect, only a pretext the helpdesk wasn’t trained to challenge.

The psychology of influence

Robert Cialdini named six principles of influence in Influence: The Psychology of Persuasion (1984) and added a seventh in Pre-Suasion (2016). The original six are Reciprocity, Commitment/Consistency, Social Proof, Authority, Liking, and Scarcity. The seventh is Unity (shared identity). Almost every working pretext leans on at least two of them.

The ones that show up most often in offensive engagements:

  • Authority. “This is the VP of Finance calling.” Pressure to defer rather than challenge.
  • Scarcity, expressed as urgency. “I need this transfer before the 4 PM wire cut-off or the deal falls through.” A real-world deadline collapses the target’s evaluation window. Cialdini calls this scarcity; operators reach for urgency because it’s how the principle shows up on the phone.
  • Social Proof. “Bob in Accounting said you could help me.” Validation by reference to someone the target already trusts.
  • Liking. “I’m new here and I’m just trying to figure out where this gets logged. Could you walk me through it?” The target wants to help a sympathetic caller and feels good doing it.
  • Reciprocity. Bring something small (donuts, a small piece of useful information) and the target will reach to balance the exchange.
  • Unity. “Hey, fellow Falcons fan, I noticed your Atlanta area code…” Manufactured in-group membership lowers defenses.

A working pretext usually combines two or three of these. The failure mode I see most often is a pretext that leans on a single principle too hard, especially authority by itself, which a trained target reads as bullying rather than as authority.

Building the legend

You cannot pick up the phone and improvise. If the target googles you mid-call, you need to exist on the result page. The discipline is called backstopping.

  • A persona with a public footprint: a fake LinkedIn with reasonable history, a couple of mutual connections, an email that resolves to a domain you actually control. Burner accounts get flagged increasingly fast as LinkedIn rolls out AI-based detection, so age the profile if the engagement timeline allows.
  • A domain that reads as legitimate. Lookalike domains targeting the company are obvious; generic-vendor domains (support-matrix-it.com, acme-billing-portal.net) tend to fare better and don’t trip phishing-domain heuristics as quickly.
  • A phone number that matches your story. VoIP services that let you choose an area code are standard. STIR/SHAKEN, which the FCC required on US IP networks in 2021 for large providers and 2023 for small ones, complicates pure spoofing of an arbitrary number: a caller ID the originating provider can’t vouch for gets a B or C attestation, which terminating carriers increasingly label or block. It is not a hard stop. Calls that cross a legacy TDM segment lose the PASSporT, gateway providers stamp foreign-originated traffic with C-level attestation rather than dropping it, and A-level attestation only means the originating provider asserts its customer is entitled to the number, a claim some providers have signed without meaningful checks. Attestation tells the callee which carrier vouched, not who is speaking.

The newer wrinkle is voice. AI voice cloning is good enough to imitate a known executive from a few minutes of public-speaking audio. Arup lost roughly $25 million in early 2024 when a finance employee in its Hong Kong office joined a video call in which the other participants were deepfakes of senior leadership, then authorized the transfers. Voice clones for vishing are within reach of any operator with a few hundred dollars of cloud compute and the target’s keynote on YouTube.

Common pretext scenarios

The helpdesk MFA enrollment (vishing)

The MGM/Caesars-style attack. Operator identifies a target employee via LinkedIn, learns enough about them to answer the basic identity-verification questions a helpdesk asks, calls in claiming to have lost access to their account, and asks for a password and MFA reset. With even moderate operator preparation the call ends with the operator owning the account.

The modern variant doesn’t try to get the user to approve a push notification. Microsoft enforced number matching in Authenticator for all tenants from 8 May 2023, which removed the blind-approve prompt that push fatigue relied on, at least for that product. Instead it targets the helpdesk’s reset workflow directly: once the agent resets the password and clears the MFA methods, the operator enrolls their own authenticator. Goal: hijack the account before the legitimate user notices. The defensive question is therefore what the reset procedure demands before it hands out a fresh enrollment (a callback to a number already on file, manager approval, video or in-person ID), and whether the agent is allowed to skip it under pressure.
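The window between the reset and the legitimate user noticing is also what a detection can key on. The following is an added example, not code from the original post: a correlation over identity-provider audit events that flags a helpdesk MFA reset followed, within an hour, by an enrollment or sign-in from an IP/device pair the account had never used. The events are constructed and the field names (`helpdesk.mfa_reset`, `mfa.register`, `signin.success`) are this example’s own schema, not any vendor’s.

```python
from datetime import datetime, timedelta

# Constructed audit events in a generic IdP-style schema. Field names are this
# example's own, not any vendor's log format; in production they would be
# mapped from the identity provider's audit and sign-in logs.
EVENTS = [
    {"ts": "2023-09-10T13:02:00Z", "action": "signin.success", "actor": "jdoe", "target": "jdoe", "ip": "203.0.113.7", "device": "WIN-LAPTOP-JD"},
    {"ts": "2023-09-11T09:15:00Z", "action": "signin.success", "actor": "jdoe", "target": "jdoe", "ip": "203.0.113.7", "device": "WIN-LAPTOP-JD"},
    # Helpdesk resets jdoe's MFA; three minutes later a never-seen device enrolls and signs in.
    {"ts": "2023-09-11T14:41:00Z", "action": "helpdesk.mfa_reset", "actor": "hd-agent-17", "target": "jdoe", "ip": "198.51.100.5", "device": "HD-CONSOLE"},
    {"ts": "2023-09-11T14:44:00Z", "action": "mfa.register", "actor": "jdoe", "target": "jdoe", "ip": "192.0.2.88", "device": "unknown-android"},
    {"ts": "2023-09-11T14:46:00Z", "action": "signin.success", "actor": "jdoe", "target": "jdoe", "ip": "192.0.2.88", "device": "unknown-android"},
    # Benign reset: asmith re-enrols from the laptop the account has used before.
    {"ts": "2023-09-01T08:00:00Z", "action": "signin.success", "actor": "asmith", "target": "asmith", "ip": "203.0.113.40", "device": "MAC-AS"},
    {"ts": "2023-09-11T15:10:00Z", "action": "helpdesk.mfa_reset", "actor": "hd-agent-03", "target": "asmith", "ip": "198.51.100.5", "device": "HD-CONSOLE"},
    {"ts": "2023-09-11T15:12:00Z", "action": "mfa.register", "actor": "asmith", "target": "asmith", "ip": "203.0.113.40", "device": "MAC-AS"},
]

USER_ACTIONS = ("signin.success", "mfa.register")


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def find_suspicious_resets(events, window=timedelta(minutes=60), history=timedelta(days=30)):
    """Flag a helpdesk MFA reset that is followed, within `window`, by an MFA
    enrollment or sign-in for the same account from an (ip, device) pair the
    account had not used in the preceding `history` period."""
    events = sorted(events, key=lambda e: _ts(e["ts"]))
    findings = []
    for i, reset in enumerate(events):
        if reset["action"] != "helpdesk.mfa_reset":
            continue
        t0 = _ts(reset["ts"])
        target = reset["target"]
        # Baseline: what this account looked like before the reset.
        known = {
            (e["ip"], e["device"])
            for e in events
            if e["target"] == target and e["action"] in USER_ACTIONS
            and t0 - history <= _ts(e["ts"]) < t0
        }
        for e in events[i + 1:]:
            t = _ts(e["ts"])
            if t - t0 > window:
                break
            if e["target"] != target or e["action"] not in USER_ACTIONS:
                continue
            if (e["ip"], e["device"]) not in known:
                findings.append({
                    "target": target,
                    "agent": reset["actor"],
                    "reset_ts": reset["ts"],
                    "first_new_activity_ts": e["ts"],
                    "new_ip": e["ip"],
                    "new_device": e["device"],
                    "minutes_after_reset": int((t - t0).total_seconds() // 60),
                })
                break  # one finding per reset is enough to page on
    return findings
```

A finding here should trigger an out-of-band notification to the account owner on a channel the attacker does not control (a previously enrolled device, a manager, a desk phone), because the legitimate user is the one party who can say “I never called the helpdesk.”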

The MFA bypass via AiTM (phishing + session theft)

Closely related, and increasingly the default modern technique. The operator deploys an Adversary-in-the-Middle kit (Evilginx2, Tycoon 2FA, EvilProxy, Sneaky 2FA) that proxies the target through a lookalike login page to the real Microsoft 365 / Google / Okta endpoint. The target enters credentials and completes the legitimate MFA prompt, both relayed to the real identity provider; once authentication succeeds, the kit captures the session cookie the provider hands back. The user is logged in and notices nothing.

By 2025–2026 this has largely displaced both OTP phishing and push fatigue as the dominant MFA bypass. Phishing-resistant authenticators resist it: FIDO2/WebAuthn passkeys bind the assertion to the origin the browser actually loaded and to the relying-party ID, so an assertion produced on the proxy’s domain is rejected by the real site. SMS codes, TOTP and push approvals all relay through the proxy just fine. Because the prize is the post-authentication cookie, session lifetime and revocation on anomalous use decide how long the theft stays useful.
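Why origin binding defeats the proxy, as an added worked example that is not part of the original post: the relying-party checks on `clientDataJSON` and authenticator data that WebAuthn requires before signature verification, run once for the legitimate flow and once for the AiTM flow. The byte layouts and check order are WebAuthn’s; the domain names and challenge strings are assumptions, and the signature step is described rather than performed because it needs a registered key pair.

```python
import hashlib
import json

# Constructed WebAuthn assertion inputs (not captured from a real browser).
# What an authenticator signs is authenticatorData || SHA-256(clientDataJSON),
# and clientDataJSON is assembled by the browser, which writes in the origin
# the page was really loaded from. That is the property an AiTM proxy cannot
# fake, and why the RP's origin check below stops it.

RP_ID = "login.example.com"                  # assumed relying-party ID
ALLOWED_ORIGINS = {"https://login.example.com"}


def rp_id_hash(rp_id: str) -> bytes:
    return hashlib.sha256(rp_id.encode()).digest()


def make_client_data(origin: str, challenge_b64url: str) -> bytes:
    """Browser-side: serialize clientDataJSON. Page JavaScript cannot choose
    `origin`; the browser fills it in from the document's actual origin."""
    return json.dumps({
        "type": "webauthn.get",
        "challenge": challenge_b64url,
        "origin": origin,
        "crossOrigin": False,
    }).encode()


def make_auth_data(rp_id: str, sign_count: int = 7) -> bytes:
    """Authenticator-side: rpIdHash (32 bytes) || flags (1) || signCount (4).
    The browser only allows an rp_id that is a registrable suffix of the
    origin's domain, so a proxy at another domain gets its own rp_id here."""
    flags = b"\x05"  # UP (user present) + UV (user verified)
    return rp_id_hash(rp_id) + flags + sign_count.to_bytes(4, "big")


def verify_assertion(client_data: bytes, auth_data: bytes, expected_challenge: str) -> tuple[bool, str]:
    """RP-side checks that precede signature verification. Returns (ok, reason)."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        return False, "wrong ceremony type"
    if cd.get("challenge") != expected_challenge:
        return False, "challenge mismatch (replay or wrong session)"
    if cd.get("origin") not in ALLOWED_ORIGINS:
        return False, f"origin {cd.get('origin')!r} not allowed for this RP"
    if auth_data[:32] != rp_id_hash(RP_ID):
        return False, "rpIdHash does not match this RP"
    if not auth_data[32] & 0x01:
        return False, "user-present flag not set"
    # A real RP now verifies the authenticator's signature over these bytes
    # with the public key stored at registration; omitted here (no key pair).
    signed_bytes = auth_data + hashlib.sha256(client_data).digest()
    return True, f"pre-signature checks passed; signature would cover {len(signed_bytes)} bytes"


def demo() -> dict[str, tuple[bool, str]]:
    # Constructed challenge; a real RP issues >= 16 random bytes per ceremony.
    challenge = "c29tZS1zZXJ2ZXItcmFuZG9tLWNoYWxsZW5nZQ"
    legit = verify_assertion(
        make_client_data("https://login.example.com", challenge),
        make_auth_data(RP_ID), challenge)
    # AiTM: the user is really on the proxy's origin, so the browser records
    # that origin and scopes the ceremony to the proxy's domain. The proxy can
    # relay the real challenge, but not rewrite what the browser signs over.
    proxy_domain = "login-example-com.evil-proxy.invalid"   # assumed lookalike
    proxy = verify_assertion(
        make_client_data(f"https://{proxy_domain}", challenge),
        make_auth_data(proxy_domain), challenge)
    # Replay of an old assertion against a fresh challenge.
    replay = verify_assertion(
        make_client_data("https://login.example.com", "b2xkLWNoYWxsZW5nZQ"),
        make_auth_data(RP_ID), challenge)
    return {"legit": legit, "proxy": proxy, "replay": replay}
```

Contrast this with a TOTP code or a push approval: neither carries the origin, so the proxy relays them untouched and the real site has nothing to compare against.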

The vendor invoice (BEC)

Targets Accounts Payable. The operator emails or calls posing as a known vendor and asks to update banking details, ideally just after a real invoice has been paid, so the request lands while the relationship is active and the next payment is already scheduled. The next remittance goes to the operator’s account. In FBI IC3 reporting BEC has for years been one of the two largest loss categories (investment fraud overtook it in the 2023 report), and its reported losses sit far above ransomware’s, whose IC3 figure excludes lost business and remediation costs.

Tailgating

Physical access via the front door. A high-vis vest and a clipboard work at most receptions (“here to check the fire extinguishers”). Three boxes of donuts and full hands work almost everywhere (“can you grab the door? I’m bringing these for the team meeting”). The pretext is built around the target’s instinct to be helpful, and most receptions don’t have a verification policy that survives “hands full and visibly burdened.”

Handling resistance

Trained targets will challenge. The challenges almost always take a familiar shape: “can you send me an email so I can verify” or “let me call you back at the number we have on file.” Panicking at that point is the most common way to lose the call; once the target hears uncertainty in your voice, the rest of the conversation is them looking for a graceful way to hang up.

The move is to agree with the challenge while making compliance feel like the easier path. Something like:

Target: “I’m not sure I can give you that info.”

Caller: “Totally understand, security’s really tight right now. Honestly I’m just trying to close this ticket before [Manager Name pulled from OSINT] gets back from his 3 o’clock, so is there a way we can verify this without me having to bug him?”

The structure of the move is acknowledging the challenge, naming a piece of the target’s own authority structure (a real manager they recognize from OSINT, a real policy they’ve heard of), then offering a path that lets them help without feeling like they’re violating policy as they understand it. The target’s own bureaucracy carries most of the conversational weight.

A trained target will not bend on this. That’s also useful data: most engagements that defeat the pretext do so because the target follows a written verification procedure rather than because they were suspicious. The report can name the procedure.

The ethics

Red Team social engineering exists in an ethical gray zone that’s easy to misread. The rules I work to:

  • Never impersonate law enforcement, fire, EMS, or medical providers. Most jurisdictions criminalize the impersonation specifically, and even where it’s legal it’s wrong.
  • Never use pretexts involving a target’s family or claimed medical emergencies. “Your wife is in the hospital” is something I would not put another operator’s family through and won’t do to a target.
  • Debrief the engagement in terms of process failures, never personal ones. “The verification procedure was ambiguous about who could authorize an MFA reset by phone” is a useful finding. “Susan in helpdesk fell for it” is a way to destroy a team’s morale and lose the next engagement before it starts. Don’t build a wall of sheep.

The strongest argument for being scrupulous about this is selfish: the engagement that follows the rules tends to produce findings the client can act on, and the engagement that breaks them tends to produce a lawsuit and a story that follows you around the industry.

What pretexting comes down to

Pretexting is professional storytelling. The story needs internal logic, it needs to sound like one the target has heard variants of before, and it needs to give the target a role they can comfortably play (sound like the IT helpdesk and the target plays “user calling the helpdesk”; sound like a stressed vendor and the target plays “accounts payable trying to be useful”). The voice on the phone has to make the part the target is being asked to play feel like the normal shape of their working day.

The villain framing applies here in the operator-affectionate sense. The trickster on the phone is doing one half of the work that keeps the wider security ecosystem honest. The defender side of the same operator’s job is figuring out how to teach people on the receiving end of these calls to spot the trickster without making them paranoid about every legitimate request that comes their way. Anansi would approve.

UncleSp1d3r