Ever had a call from “IT support” wanting to “verify” your password because it was “compromised”? Or a call from your “bank rep” inquiring about “suspicious” charges on your account? If so, welcome to the world of pretexting, a deceptive technique behind social engineering attacks like phishing, business email compromise (BEC), and catfishing.
Today, we’re going to talk about what pretexting is, the sneaky tactics that outsmart most people, and the secret triggers you must know to gain the upper hand.
Pretexting: The silent force behind every social engineering attack
What is pretexting in cybersecurity?
First, let’s get definitions out of the way.
Pretexting is the use of an invented story to gain your trust and manipulate you into acting against your best interests.
In The Language of Deception, Justin Hutchens points out that pretexting - as the basis of social engineering - is as old as human civilization itself. It’s found in everything from folklore to philosophy.
Hutchens gives the example of Aesop’s The Fox and the Crow.
Imagine you’re the Crow. You have something everyone in the forest wants: a big piece of cheese. Then comes the Fox. He knows you’re too smart for brute force tactics. So, he flatters you and praises your singing voice. He makes you feel seen and heard.
Then, he begs you to sing for him.
And just like that, you forget your suspicions. You open your beak to sing - and lose everything.
This is pretexting, the art of building trust with a well-crafted lie. In the digital age, Foxes are everywhere.
They impersonate executives, celebrities, doctors, bankers, and trusted friends, and they use meticulously crafted stories to get what they want: your passwords, banking details, Social Security number, credit card info, and cash.
Below, you’ll discover how one woman lost her entire life’s savings because she trusted one of these foxes.
The rise of pretexting in 2025 and why scammers love it (it’s not what you think)
Did you know that 54 people per second fall victim to a cyber-attack?
Or that 87% of social engineering attacks last year were due to pretexting?
Here’s why scammers love pretexting. In a world where obvious scams assault your senses daily, the subtlety of pretexting makes it the perfect weapon. Scammers don’t need to hack your computer. They just need to hack your trust.
And in 2025, they’re using AI to create ever more convincing scripts, videos, and emails.
Last year, pretexting delivered huge paydays for scammers. They made $16 billion from AI-generated scam emails alone.
And as you’ll see, elaborate pretexting scams aren’t just a trend; they’re destroying real lives.
What is a real-life example of pretexting?
I love thee, I love thee not: Pretexting in AI-generated romance scams
Anne never saw it coming.
She was posting pictures of her ski trip on Instagram when a scammer pretending to be Brad Pitt’s mother reached out.
Unhappily married, Anne was flattered by the scammer’s claim that she was exactly the kind of woman Brad needed.
Her positive response led the scammer to shift to posing as Brad Pitt himself. He sent AI-generated pictures of Pitt and showered Anne with affection. The scammer played on Anne’s empathy and loneliness. He knew exactly how to talk to her, sending fervent declarations of love and promises of marriage.
Envisioning herself as Mrs. Brad Pitt, Anne ignored her daughter’s warnings that she was being conned.
The scammer even sent luxury goods to her, for which Anne had to pay “customs fees.” Eventually, he sent AI-generated pictures of Brad in a hospital bed, claiming he had kidney cancer and needed urgent treatment.
He begged Anne for financial help as his ex-wife Angelina Jolie had “frozen” his accounts. Meanwhile, Anne’s daughter desperately tried to warn her mother that she was headed for heartbreak.
Unfortunately, the scammer was ready for this: He sent AI-generated videos of “news anchors” talking about Brad’s “exclusive relationship with Anne” and he shared emails from the star’s “doctor” confirming that Brad had “cancer.”
In the end, Anne sent every penny she received from her own divorce to the scammer (about $855,000 or €830,000). Reality didn’t set in until the real Brad Pitt made his relationship with his girlfriend Ines de Ramon official in June 2024.
Although she has been mocked for coming forward, Anne’s experience is a wake-up call. In 2025, anyone can become the victim of a well-crafted scam.
Here’s why: Scammers conduct thorough research on their victims, so they know which emotions to target and how to craft credible scenarios for them.
And because strong emotions can override logic, the victim often throws caution to the wind and ignores warning signs. The end result is a big payday for scammers.
Below, we’re going to reveal the six favorite triggers scammers use, which means you’ll be armed with the knowledge to spot scams AND protect those around you.
Why many people fall for pretexting tricks (and how you can be the exception)
Could it be that behind every masterful pretext lie timeless principles that have shaped human behavior since time began?
In his book The Language of Deception, Hutchens echoes the premise that Dr. Robert Cialdini’s six principles of persuasion can be exploited to drive outcomes in social engineering attacks. These principles are:
#1 Reciprocity: How a simple gift inspires you to return the favor
When your server hands out a mint at the end of your meal, it isn’t just a nice gesture. It’s a trigger, especially if it’s delivered with a personal touch.
A study published in the Journal of Applied Social Psychology bears this out: Servers saw a 21% increase in tips by giving mints in a very deliberate, personalized way. They first brought out the check, along with two mints per person. Then, they returned shortly after with an additional set of mints, telling everyone they brought more in case anyone wanted another.
This unexpected gesture of generosity triggered the reciprocity principle, significantly increasing the tips received.
Similarly, a scammer may say they've sent a “refund” for tech support services you use because their company is “going out of business.”
But here’s the catch: they’ll tell you they sent too much ($4,000 instead of $400) and will need your bank details to process the chargeback. The scammer hopes that, by giving you something first (the refund), you’ll be compelled to give something back (your bank account info).
#2 Scarcity: Last chance magic turns the ordinary into the irresistible
Hutchens explains that the use of scarcity or FOMO (fear of missing out) is a common tactic in late-night infomercials. Phrases like “supplies limited” or “for a limited time only” often trigger impulsive decisions.
In 2024, scammers used deepfake videos of Polish billionaire Rafal Brzoska to promote fake investment programs. In the videos, an AI-generated Brzoska mentions that the program is only available to 100 people and that he expects only 50 of the “most determined” individuals to take advantage of it. He also emphasizes that the video “can only be viewed once.”
If the viewer leaves the page, the link will expire and with it, the “opportunity.”
The video ad invokes the principle of scarcity, increasing the pressure on victims to act immediately.
#3 Authority: Why scammers love to say they’re from IT, HR, or your bank
In the 2023 movie Killers of the Flower Moon, Robert De Niro plays William Hale, a self-styled “King of the Osage Hills.” He oozes goodwill as a benefactor of the Osage nation, hiding his true motives.
In the story, he instructs his greedy nephew Ernest Burkhart (Leonardo DiCaprio) to marry Mollie, an Osage woman, with the intent to control her family’s oil wealth. When Hale orders Ernest to poison Mollie with tainted insulin, he does so by leveraging his position as both uncle and community leader.
In the movie, director Martin Scorsese emphasizes the allure of authority through the perspective of Ernest “as a man who knew what he was doing but preferred to deny it.”
Psychologist Stanley Milgram demonstrated this allure in his famous experiment in the early 1960s. During the experiment, participants were divided into “teacher” and “learner” roles. Each time a “learner” made a mistake, the “teacher” testing him was to administer what they believed was a painful “electric shock.”
Milgram found that 65% of participants willingly administered the maximum level of electric shocks (a supposed “450 volts”) because the experiment leader insisted. So, when scammers pretend they’re from IT, HR, or your bank, they’re hoping that an appeal to authority will compel you to act without thinking.
#4 Consistency: How the slippery slope of tiny “commitments” leads to danger
Hutchens points out that the principle of consistency exploits our innate nature as creatures of habit. He gives the example of scammers who pretend to be Social Security Administration officials in vishing calls.
First, the scammers begin by establishing their “authority.” Then, they get you to make tiny commitments by asking you to “confirm your address” or “verify your birthdate.” Once you answer these seemingly minor questions, your brain wants to stay consistent.
To keep your interest, the scammers make it all about YOU. They tell you “your account has been flagged for suspicious activity” and that “you must take action to protect yourself.” The scammers appeal to your self-image as a smart, responsible person.
With each step of the interaction, they focus on leveraging your desire to remain consistent with this self-image. If you stay on the call, you’ll eventually be asked for the real info they’re after: “What’s your Social Security number?”
Tell your friends and loved ones not to fall for it.
#5 Consensus: Why what everyone else is doing feels so right
In the 1997 movie Men in Black (MiB), Tommy Lee Jones (Agent K) and Will Smith (Agent J) play agents of a secret federal agency that tracks extraterrestrial life on Earth.
Agent J thinks the world can handle the truth about aliens, but Agent K disagrees.
Agent J: Why the big secret? People are smart. They can handle it.
Agent K: A person is smart. People are dumb, panicky, dangerous animals – and you know it.
In the movie, the MiB organization hides the “truth” about aliens because it fears the chaos that could result from collective panic. Agent K implies that consensus is a very powerful motivator.
Similarly, a scammer may call and pretend to be IT support. They’ll say all employees in your department have already upgraded to a new authentication system due to a security incident. And they’re counting on you to do your part. The scammer then tells you they need your current password to complete the “changeover” process.
By suggesting that others have already acted, the scammers hope to increase the likelihood of your compliance. It’s one of the most effective tactics in their playbook.
#6 Liking: How the friendship effect unlocks trust and cooperation
According to Hutchens, this is the most dangerous trigger of all. Scammers are masters at making victims feel heard and understood. Why? Because it works.
Remember Anne, the French woman who fell for a Brad Pitt imposter? The scammer sent her love poems, listened to her problems, and made her feel special while she was going through a painful divorce.
When someone feels truly understood, they drop their guard and start trusting. And when trust is high, compliance is almost guaranteed. That’s how Anne ended up giving her entire divorce settlement to a man she had never even met. The principle of liking is likely the most powerful weapon in the persuasion arsenal.
But that’s not all.
Stay with us as we reveal Cialdini’s newest principle, one that makes persuasion even more effortless for scammers. When you know the signs, you’ll not only stay safer, but you’ll also be able to protect those you care about.
Together we stand: The perils of weaponized unity
While scammers have mastered the art of being liked, there’s another hidden lever: Unity.
Cialdini’s newest principle leverages the bond of team identity. This identity can come from being part of a close-knit family or group based on nationality, religion, race, or political affiliation.
Cialdini showed how powerful team identity is with an experiment. To identify attitudes about key issues, he asked his students and their parents to fill out a questionnaire. While the students mostly complied, only 20% of the parents filled out the form.
Cialdini then made a small tweak. He told the parents that their kids would receive an extra point on a test if they filled out the questionnaire, too. He got a whopping 97% response rate.
Meta’s ad targeting based on shared identities is a textbook case of playing on people’s primal need to belong. Due to public pressure, however, the platform has shut down explicit targeting by race, sex, ethnicity, or political affiliation. But the fact remains: People are wired to respond to messages that make them feel a sense of belonging.
This was displayed during the 2024 election when scammers used “campaign investment pool” schemes to promise fake “profitable returns” on campaign contributions. In another scheme, scammers posed as online merchants selling campaign swag.
The hucksters played on voter sentiments to steal credit card numbers and personal details. And the swag? It was never delivered.
Is online scamming illegal?
If you’ve ever asked this question, you aren’t alone. Google searches for the question yield a staggering 105 million+ results.
Meanwhile, a Google search for “Is romance scamming illegal?” also yields millions of results.
What this shows is that people are worried. They want to know what the law says about scams.
The good news is that cybercriminals who use online scams to commit financial fraud can face state and federal charges for wire fraud. The penalties include a fine or up to 20 years in federal prison, or both.
And in states like California, the perpetrator could also face up to three (3) years in state prison, fines up to $5,000, and restitution to the victim – if the scam is prosecuted as a felony.
The ultimate defense: How to outsmart scammers at their own game
The checklist to keep on your desk (just in case)
The best defense against pretexting isn’t a single, dramatic action. Just like building good habits, it’s about taking small, smart steps every day.
Here's how you can protect yourself and those you care about, one step at a time:
1. Keep your personal info private. Pause before you hand over information to a caller who claims to be from the IRS, Social Security Administration, or another federal agency. Don’t trust your Caller ID as that can be spoofed or faked. Instead, hang up the phone and call the official number of the government agency.
Have a no-share policy, which means you never share info like bank account numbers, passwords, security codes, driver’s license number, your date of birth, home address, and Social Security number.
Cathy, a 70-year-old widow from California, lost $25,000 after a scammer convinced her he was from Wells Fargo’s fraud department. She gave him her bank account password after he read her the last four digits of her SSN. As a result, the scammer was able to authorize a transfer of $25,000 from Cathy’s account to his.
2. Don’t rush because the caller says it’s urgent. Urgency is a key tactic used by scammers. If someone pressures you to act fast, don’t take the bait.
3. Share less on social media. The less you share, the harder it is for scammers to target you. On cloud nine about your recent trip to Europe? Posting pictures of an expensive vacation implies you have disposable income. This is what made Anne more attractive to the Brad Pitt imposter.
If you must post pictures, review your privacy settings and adjust them accordingly. On Facebook, for example, you can make your profile and posts visible only to Facebook contacts, disable location sharing, and limit who can send you friend requests & messages.
That said, consider posting as little as possible about personal activities that highlight your financial or social status.
4. Use a unique password for every account. Reusing passwords is like using the same lock for your house, garage, and safe. If one gets picked, all your assets are at risk.
5. Add extra protection with multi-factor authentication. Turn on MFA whenever possible. Note: The type of MFA matters. Use phishing-resistant MFA such as passkeys or FIDO2 hardware keys like YubiKey.
6. Keep your devices, browsers, and software updated. Make sure your phone, apps, computer, and browser are updated. Updates often include important security fixes and upgrades.
The one simple step that ties it all together
Pretexting thrives on weak spots: reused, easily guessed passwords, poor security habits, and human error.
With LastPass, you get:
- Easy password generation. Every login gets a strong, secure password, which is next to impossible for scammers to guess. You can also customize every password according to NIST and CISA rules, making your login credentials even more robust.
- Phishing-resistant FIDO2 MFA. Even if a scammer manages to get your login credentials, they’re locked out with advanced MFA.
- Military-grade encryption. With AES-256 encryption (the same used by the military and governments worldwide), all your data is scrambled into unreadable ciphertext before it leaves your device. And with our Zero Knowledge framework, neither LastPass nor scammers can see your information.
- Convenient autofill. Safe, seamless logins keep your digital life secure and hassle-free. With LastPass autofill, you never have to worry about mistakes, manual logins, and data-harvesting keyloggers.
- 24/7 Dark Web Monitoring service. LastPass keeps watch over your data, even when you’re sleeping. If your emails are found compromised, you get immediate alerts so you can act quickly to update your passwords and lock down your accounts.
Ready to experience the peace of mind enjoyed by millions of our customers? Step into next-gen security with a 2025 G2 leader in password management, web security, MFA, and Dark Web Monitoring. Take LastPass for a free 30-day trial run and experience the difference it makes.