In AP Cybersecurity, pretexting is a social engineering tactic where an adversary creates a believable reason or backstory to contact a target and manipulate them into a desired action (EK 2.1.A.2).
Pretexting is when an attacker invents a fake-but-believable reason to reach out to you. Instead of just demanding your password, they build a little story first: "Hi, I'm calling from IT about that ticket you opened." The pretext (the made-up context) lowers your guard so the actual request feels normal.
In the CED this lives under social engineering, which is the set of psychological tricks adversaries use to manipulate targets instead of hacking machines directly (EK 2.1.A.1). Pretexting specifically is "creating a believable reason to contact a target" (EK 2.1.A.2). It often pairs with other social engineering levers in the same objective, like authority (pretending to be the boss), intimidation (threatening consequences), and consensus (claiming everyone else already complied). The pretext is the wrapper; those levers are what's inside.
Pretexting sits in Unit 2: Securing Spaces, under topic 2.1 Cyber Foundations. It directly supports learning objective AP Cybersecurity 2.1.A, "Identify social engineering attacks," and EK 2.1.A.2 names it by definition. This matters because social engineering is the human side of security. You can have firewalls and encryption locked down, but a convincing phone call can still talk an employee into handing over access. That's exactly why the CED teaches it alongside risk and defense in depth: people are a layer that needs protecting too.
Keep studying AP Cybersecurity Unit 2
Visual cheatsheet
view galleryAuthority, intimidation, and consensus (Unit 2)
These are the manipulation levers that ride inside a pretext. The pretext is the believable cover story, and authority, intimidation, or consensus is the push that makes you act on it. They almost always show up together in exam scenarios.
Reconnaissance and open source intelligence (Unit 2)
A good pretext needs research. Adversaries use OSINT (freely available info like LinkedIn or company sites) during the reconnaissance phase to learn names, job titles, and projects, then weave those real details into a fake story so it sounds legit.
Defense in depth / layered defense (Unit 2)
Because pretexting targets people, technical controls alone won't stop it. A layered defense adds human-focused layers like security awareness training and verification policies, so even if one employee is fooled, another check can catch the attack.
Expect pretexting on multiple-choice questions as a scenario where you read a short story and name the technique. A classic stem: an attacker emails employees "claiming to be from the company's IT department" and demands they verify credentials "or face account suspension." Your job is to recognize that the fake IT identity is the pretext, and to distinguish it from related levers like intimidation (the threat of account suspension) or phishing (the delivery method). Read the scenario for two things: the made-up backstory (pretext) and the pressure tactic layered on top.
Pretexting is the believable backstory an attacker uses to seem legitimate. Phishing is a delivery method, usually a deceptive email or message that tricks you into clicking a link or giving up info. They overlap constantly because most phishing emails use a pretext, but they're not the same thing. The pretext is the lie; phishing is one way that lie gets to you.
Pretexting is creating a believable reason to contact a target, as defined in EK 2.1.A.2.
It's a social engineering tactic, meaning it manipulates people psychologically rather than attacking machines.
The pretext usually wraps around another lever like authority, intimidation, or consensus to push the target into acting.
Attackers build convincing pretexts using OSINT gathered during the reconnaissance phase.
On the exam, identify the fake backstory as the pretext and don't confuse it with the threat (intimidation) or the email itself (phishing).
Pretexting is a social engineering tactic where an adversary invents a believable reason or backstory to contact a target, defined in EK 2.1.A.2 under learning objective AP Cybersecurity 2.1.A. The fake context lowers the target's guard so the real request seems normal.
No. Phishing is a delivery method, usually a deceptive email or message, while pretexting is the believable cover story the attacker uses. Most phishing attacks rely on a pretext, so they overlap, but pretexting is the lie and phishing is one way that lie reaches you.
Pretexting is the made-up reason for contact, like pretending to be from IT. Intimidation (EK 2.1.A.4) is stating negative consequences if demands aren't met, like threatening account suspension. A single attack often uses both: the pretext sets the scene and intimidation applies the pressure.
They use reconnaissance, often pulling open source intelligence (OSINT) from freely available sources like company websites and social media, to learn real names, job titles, and projects. They then fold those true details into a fake story so it sounds credible.
Since pretexting targets people, technical controls alone aren't enough. A defense-in-depth approach adds human layers like security awareness training and identity-verification policies, so an employee can confirm who's really calling before acting on the request.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.