Working With Us | Products | Case Studies | FAQ | About Online Media

Candygram! Pretexting Made Easy

Sep
13
2006

This thing called pretexting has gotten a lot of attention lately. You’d think it was a novel concept, that private investigators hired by Hewlett Packard chairwoman Patricia Dunn had invented the technique in order to ferret out the source of persistent information leaks from the company’s board of directors.

In its current context, the word “pretexting” sounds arcane: A technology company searching for an information leak by digging into telephone and cell phone call records. Another reason to recoil in fear from digital society!

Problem is, as a means of obtaining information, pretexting is as old as mankind itself. Oh, sure, in its current usage the term is new, but there is no shortage of perfectly good words – words with which we are more familiar – that can be used to describe the activity in question. “Social engineering” comes to mind, but that’s a fairly new description itself. “Spying” is another. “Snooping, prying, cajoling”… were I ambitious enough, I’d grab my Roget’s Thesaurus and fill the next couple paragraphs with more words that would also work.

I do think it’s an interesting phenomenon that, because a slick new word has been affixed to the situation, our attention is on Dunn – who will step-down as chair of H-P’s board of directors in January – and the means by which her private dicks learned that board member George Keyworth II was passing information on to reporters. Keyworth violated his responsibility as a director and member of HP’s board, potentially broke the law and put the company at risk of repercussions from the Securities and Exchange Commission, but we’re focused instead on the methods used to expose his underhandedness.

Yet, because of this pretexing thing all the attention and bad press have fallen to Dunn and the real villain, Keyworth, has gotten a free pass.

So, what exactly is pretexting? It’s convincing someone to do something they wouldn’t normally do by convincing them that you are something you’re not. It’s lying to obtain something you shouldn’t have. It is, in a word, fraud.

According to mythology, the Greeks used pretexting, sold with the help of a giant wooden horse, to defeat the Trojans. We are told that, moving through his camp dressed as a common footsoldier, King Henry V used pretexting to learn and raise the spirit of his army before the English victory at the Battle of Agincourt. And, in the famous Saturday Night Live Jaws II sketch, the land shark uses pretexting to get unwitting New Yorkers to open their apartment doors. Candygram!

When an organization like AT&T hands over information as a result of a clever ruse, and when the circumstances surrounding the betrayal of that information becomes a highly publicized event, it’s natural to think about how such a thing could happen. Did the gumshoe use unethical means to obtain the information? Most likely, yes, but if the information were easily obtained, it would be unnecessary for a private investigator to get involved. Was there some technology that could have prevented the breach? Maybe, but it’s unlikely since, at some point a human being had to make a decision whether or not to give the information away. Is the person who gave away the information at fault? Yes – and no. Yes because they were the point of failure in the security chain, and no because they were doing their job and likely lacked proper training.

Customer service representatives are a lot like puppies. With proper training, they’ll do a lot of great things for your company, and when they perform their tricks well, they make people happy. They are trained to want to please everyone, so when they are asked to perform a trick they haven’t been trained to perform, they’ll try to figure out a way to please the person asking. That’s a recipe for trouble.

With all this in mind, the fixation on pretexting seems to me to be something of a canard, but what’s a company to do? CSRs don’t get paid a lot of money, and they don’t tend to stick around very long, so investing in extensive training can be an expensive prospect without a whole lot of return.

Then again, when these logical failures occur, spending the extra dough seems in hindsight like it would have been a pretty good deal.

Share  Posted by Mike Spinney at 12:31 PM | Permalink

<< Back to the Spotlight blog

Mike Spinney's bio
Email Mike Spinney




Get Our Weekly Email Newsletter




What We're Reading - Spot-On Books

Hot Spots - What's Hot Around the Web



Spot-on.com | Promote Your Page Too

Spot-on Main | Pinpoint Persuasion | Spotlight Blog | RSS Subscription | Spot-on Writers | Privacy Policy | Contact Us