June 12, 2023

According to a report by Verizon, pretext-based cyberattacks, which exploit false stories or pretexts to deceive victims, have more than doubled in the past year. The report, which analyzed 16,312 security incidents from November 2021 to October 2022, unveiled that 4.1% of these incidents involved pretexting, marking an alarming twofold increase compared to the previous year.

Verizon’s report also disclosed that three-fourths of all breaches initiate with human involvement. These incidents occur when individuals unknowingly fall victim to socially engineered messages, phishing emails, abuse their network access privileges, or persistently use compromised passwords.

Pretext-based attacks, which involve imposters pretending to be IT representatives to trick employees, have received attention due to cases like Uber and Twilio. However, these incidents are just a small part of the overall cyber incident landscape.

Furthermore, generative AI technology has improved the customization and deception of pretext-based assaults. Cybercriminals may now mimic individuals and trick victims into disclosing important information by using voice messages, bogus photos, and other means. Social engineering, notably Business Email Compromise (BEC), have led in a median theft of $50,000 USD, which has contributed to an upsurge in pretexting cases.

The sources for this piece include an article in Axios.